Stay One Step Ahead of Identity Thieves
SCATTERED SPIDER is likely an eCrime adversary that conducts targeted social-engineering campaigns primarily against firms specializing in customer relationship management and business-process outsourcing, as well as telecommunications and technology companies. The adversary primarily uses phishing pages to capture authentication credentials for identity management tools, VPNs or edge devices, gets targets to share one-time-password (OTP) codes, or overwhelms targets using MFA notification fatigue.
SCATTERED SPIDER avoids using techniques unique to malware. The adversary has primarily used a variety of legitimate remote monitoring and management (RMM) tools (e.g., AnyDesk) and tunneling tools (e.g., Chisel) to maintain persistent access, and exploits for vulnerabilities in kernel drivers (e.g., Intel drivers) to avoid detection. SCATTERED SPIDER has been observed delivering extortion demands to victims and has also been seen deploying ransomware to victim networks to monetize its access in big game hunting campaigns.
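One way to detect the MFA notification fatigue mentioned above, as an added example that is not part of the original page or any vendor's code: it flags a burst of denied or timed-out push prompts for one user, and an approval that follows such a burst. The key=value log format, the 10-minute window and the threshold of 5 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of unapproved pushes that is abnormal

# Constructed sample events in a hypothetical key=value format (times in UTC).
SAMPLE_LOG = """\
2024-05-01T08:00:00 user=carol result=timeout
2024-05-01T08:01:00 user=carol result=denied
2024-05-01T09:00:00 user=alice result=timeout
2024-05-01T09:00:40 user=alice result=denied
2024-05-01T09:01:10 user=alice result=timeout
2024-05-01T09:01:50 user=alice result=denied
2024-05-01T09:02:30 user=alice result=timeout
2024-05-01T09:03:05 user=alice result=approved
2024-05-01T09:10:00 user=bob result=denied
2024-05-01T09:10:20 user=bob result=approved
2024-05-01T09:30:00 user=carol result=timeout
2024-05-01T09:31:00 user=carol result=denied
2024-05-01T09:33:00 user=carol result=approved
"""

def parse(line):
    """Split one log line into (timestamp, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["user"], kv["result"]

def detect_push_fatigue(lines, window=WINDOW, threshold=THRESHOLD):
    """Return (user, alert, timestamp) tuples for push bursts and approvals that follow one."""
    unapproved = defaultdict(deque)  # user -> times of denied/timed-out pushes in window
    alerts = []
    for ts, user, result in sorted(parse(l) for l in lines if l.strip()):
        recent = unapproved[user]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop pushes older than the window
        if result in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append((user, "push_burst", ts))
        elif result == "approved":
            if len(recent) >= threshold:
                # Approval right after a burst: the user may have given in.
                alerts.append((user, "approved_after_burst", ts))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG.splitlines()):
        print(alert)
```

The `approved_after_burst` alert is the one to prioritise, since it marks a session that was granted immediately after repeated unapproved prompts.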