The hacking group known as Scattered Spider, also known as UNC3944, has gained notoriety for its skills in social engineering. This group was responsible for cyberattacks against MGM Resorts International and Caesars Entertainment Inc., causing havoc and demanding ransom payments. The group’s attacks have escalated in recent years, with North American companies being targeted on a weekly basis.
The attackers are highly effective social engineers, according to cybersecurity experts. They use tactics such as impersonating employees and tricking IT help desk workers into sharing credentials. The hackers have also targeted cloud computing accounts and hypervisor tools to gain remote access to computers. To avoid detection, they use virtual private networks to make it appear as if they are located in the same area as the victim.
Members of Scattered Spider are based in the US and UK, and some are as young as 19 years old. They carefully select their targets, focusing on companies with high valuations. Their motive is to get rich quickly and evade capture.
The group has previously used a type of ransomware called ALPHV to extort victims. ALPHV, developed by a hacking group of the same name, is effective at evading detection and at resisting efforts to reverse-engineer the malware code. The FBI reported that ALPHV ransomware had been used in at least 60 attacks worldwide.
Experts believe that Scattered Spider may be linked to Russian hacking outfits. The group is believed to have evolved from earlier Russian hacking groups that disbanded after a series of high-profile ransomware attacks.
Despite rumors, there is no evidence to suggest that teenagers from the US and UK were involved in the hacking of MGM. The attackers remain at large, and their true identities and affiliations are still unknown.
Overall, Scattered Spider, also known as UNC3944, is a significant and aggressive threat to organizations in the United States. Its skills in social engineering and its use of advanced ransomware make it a formidable adversary for businesses.