The FBI and Cybersecurity and Infrastructure Security Agency released an updated joint cybersecurity advisory in response to recent activity by the cybercriminal group Scattered Spider against the commercial facilities sectors and subsectors. Scattered Spider—also known as Starfraud, UNC3944, Scatter Swine and Muddled Libra—targets large companies and their contracted information technology help desks.
Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their usual tactics, techniques and procedures. They are considered experts in social engineering and use multiple social engineering techniques, especially phishing, push bombing, and subscriber identity module swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication.