The Scattered Spiders hacking group is notorious for infiltrating organizations using advanced techniques. Read on for all the details.

Beware: ‘Scattered Spiders’ Hackers Lurking – Alert from FBI!

The Federal Bureau of Investigation (FBI) has warned organizations about a hacking group called Scattered Spiders – a group known to have infiltrated several organizations across the United States and the world.

This advisory consists of the techniques, tactics, and procedures these hackers use to operate and warns of how these hackers carry out crimes such as extortion and use social engineering techniques. These include phishing, push bombing, and SIM swapping attacks to steal credentials, install remote access tools, and even bypass multi-factor authentication.

This hacker group also goes by other aliases – including Starfraud, UNC3944, Scatter Swine and Muddled Libra. Also, according to Bleeping Computer, the members are only 16 years old and primarily English speakers.

Hackers pose as IT support, at the Helpdesk

The FBI points out that these hackers pretend to be from IT support and help desks of various companies, and in this way they convince employees to acquire user credentials to gain network access, steal OTPs to penetrate systems, create MFA notification prompts, and even manage users’ SIM cards.

The FBI further said that once these threat actors gain access to networks, they use publicly available remote access tunneling tools to monitor and control systems. “Scattered Spider threat actors have historically avoided detection on target networks by using offshore technologies and allowed applications to navigate victim networks, as well as frequently changing their TTP points,” the FBI added.

History of high-profile attacks

Bleeping Computer reports that in the past, the group has been known to attack some of the most savvy companies — including Riot Games, DoorDash, MailChimp, and more. Additionally, major companies like Microsoft have also warned about the same group, but contacted them using a different alias – Octo Tempest.

How to be safe

In addition to first breaking into networks and using publicly available remote access tools, these hackers install malware via WinZone RAT, Racoon Stealer, and others, and then steal compromised passwords and other data.

To ensure this, the FBI advises users to keep offline backups of data, require all accounts to be password logged in, use longer passwords of at least eight characters and no more than 64 characters, require anti-phishing multi-factor authentication (MFA ), keep all operating systems, software, and firmware up-to-date , segment networks to prevent the spread of malware, disable email hyperlinks, and keep all data encrypted.