The rise and fall of the ‘Scattered Spider’ hackers


After evading capture for more than two years following a hacking spree that targeted some of the world’s biggest tech companies, U.S. authorities say they have finally caught at least some of the hackers responsible.

In August 2022, security researchers went public with a warning that a group of hackers had targeted over 130 organizations as part of a sophisticated phishing campaign that stole the credentials of almost 10,000 employees. The hackers were specifically targeting companies that used Okta, a single sign-on provider used by thousands of companies worldwide to let their employees log in from home. 

Because of its focus on Okta, the hacking group was dubbed “0ktapus.” To date, the group has hacked Caesars Entertainment, Coinbase, DoorDash, Mailchimp, Riot Games, Twilio (twice), and dozens more.

The hackers’ most notable cyberattack, in terms of downtime and impact, was the hack against MGM Resorts in September 2023, which reportedly cost the casino and hotel giant at least $100 million. In that case, the hackers worked with the Russian-speaking ransomware gang ALPHV, and demanded a ransom from MGM for the company to get its files back. The hack was so disruptive that the casinos owned by MGM had trouble providing services for days.

For the last two years, as law enforcement has been closing in on the hackers, people in the cybersecurity industry tried to figure out exactly how to categorize the hackers and whether to put them in one group or another. 

The hackers’ techniques, such as social engineering, email and text message phishing, and SIM swapping, are common and widespread. Some of the individual hackers were part of several groups responsible for different data breaches. These circumstances have made it difficult to understand exactly who belongs in what group. Cybersecurity giant CrowdStrike dubbed this umbrella group of hackers “Scattered Spider,” and researchers believe there is some overlap with 0ktapus.

The group was so active — and successful — that U.S. cybersecurity agency CISA and the FBI issued an advisory in late 2023 with details on the group’s activities and techniques, in an attempt to help organizations prepare for and defend against anticipated attacks. 

Scattered Spider is “a cybercriminal group that targets large companies and their contracted IT help desks,” CISA wrote in its advisory. The agency warned that the group “have typically engaged in data theft for extortion,” and noted their known links to ransomware gangs.

One thing that’s relatively certain is that the hackers are mostly English-speaking, and widely believed to be in their teens and early-20s — and sometimes referred to as “advanced persistent teenagers.”

“There is a disproportionate number of minors involved, and that’s because the group deliberately recruits minors because of the lenient legal environment these minors exist in and they know nothing will happen to them if the police catch a kid,” Allison Nixon, chief research officer at Unit 221B, told TechCrunch at the time.

Over the last two years, some of the members of 0ktapus and Scattered Spider have been linked with a similarly nebulous group of cybercriminals known as “the Com.” People in this wider cybercrime community have committed crimes that crossed over into the real world. Some of them have been responsible for violent acts, such as robberies, burglaries, and brickings (hiring thugs to throw bricks at someone’s house or apartment), as well as swatting, where someone tricks authorities into believing there’s a violent crime happening, triggering the armed police unit to intervene. While born as a prank, swatting is known to have fatal consequences.

After two years of hacking, authorities are finally starting to identify and charge members of Scattered Spider. 

In July, U.K. police confirmed the arrest of a 17-year-old in connection to the hack at MGM.

In November, the U.S. Department of Justice announced that it had indicted five hackers: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, of Palm Coast, Florida, who had been arrested in January; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, from the United Kingdom, who was arrested in June in Spain.




Lisa Holden
Lisa Holden is a news writer for LinkDaddy News.
