TZUTC: -0500   
   MSGID: 1303.consprcy@1:2320/105 2cef6610   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   FBI, CISA warn of more Scattered Spider attacks to come   
      
   Date:   
   Wed, 30 Jul 2025 13:06:55 +0000   
      
   Description:   
   Infamous hacking collective Scattered Spider is evolving to grow even more   
   dangerous.   
      
   FULL STORY   
      
   Scattered Spider is only getting warmed up with its cyberattacks, and   
   businesses should be on their guard for possible attacks, law enforcement   
   forces have said.    
      
   A warning given by the US Cybersecurity and Infrastructure Security Agency   
   (CISA), and a handful of other security agencies in Canada, the UK, and   
   Australia, says the group has evolved to use more advanced social engineering   
   - mostly impersonating employees to trick IT help desks into resetting   
   passwords and transferring MFA tokens to attacker-controlled devices.    
      
   The hackers have also added new malware such as RattyRAT for stealthy access   
   and DragonForce ransomware to encrypt systems and demand payment - especially   
   targeting VMware ESXi servers.   
      
   More to come    
      
   Also known as Okto Tempest (and a handful of other names), Scattered Spider    
   is described as a highly aggressive and sophisticated cybercriminal group   
   known for targeting major companies through social engineering, phishing, and   
   identity-focused attacks.    
      
   The group is infamous for its use of SIM swapping, MFA fatigue attacks, and   
   help desk impersonation to gain initial access, and its the latter that CISA   
   is now further stressing.    
      
   Scattered Spider is generally engaged in double-extortion attacks,   
   exfiltrating sensitive files to third-party servers before encrypting the   
   target infrastructure. To store the stolen files, theyre using MEGA.nz and   
   Amazon S3, and in some cases, theyve run thousands of queries against   
   Snowflake environments to steal large volumes of data quickly.    
      
   To stay hidden, they create fake identities backed by social media profiles,   
   monitor internal communications like Slack and Microsoft Teams, and even join   
   incident response calls to learn how defenders are reacting.    
      
   CISA says more Scattered Spider attacks are to be expected in the coming    
   weeks and months, and urges organizations to use phishing-resistant MFA (like   
   FIDO/WebAuthn), audit and restrict remote access tools, monitor risky logins   
   and unusual account behavior, maintain offline, encrypted backups, segment   
   networks, and patch known vulnerabilities.    
      
    Via Cybernews   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/fbi-cisa-warn-of-more-scattered-spider-   
   attacks-to-come   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426