FBI exposes Scattered Spider’s alliance with notorious ransomware gang

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have exposed new details about the cybercrime group Scattered Spider and its collaboration with the notorious ALPHV/BlackCat ransomware operation in an advisory published on Friday.

According to a Bleeping Computer report, Scattered Spider — tracked by multiple aliases including 0ktapus, Starfraud, and Octo Tempest — has been responsible for some of the most high-profile ransomware attacks in recent years. The fluid collective of English-speaking hackers as young as 16 has relied on cunning social engineering tactics to breach the networks of companies like MailChimp, Reddit and Twilio.

Now, the FBI reveals that select members of Scattered Spider have joined forces with ALPHV/BlackCat, the Russia-based ransomware cartel behind major attacks on oil giant Shell and Costa Rica’s government. This alliance allows the Scattered Spider actors to encrypt and lock systems using BlackCat, then extort victims for ransom payments.

Experts say Scattered Spider’s loose, decentralized structure makes the group difficult to track. The FBI knows the identities of at least 12 individuals but has yet to prosecute any members. Some are also believed to be part of “The Comm,” a network of hackers involved in recent violent crimes.

Scattered Spider’s access tactics exploit human vulnerabilities. Posing as IT staff, they trick employees into handing over credentials via SMS phishing, phone calls, and fake domain names impersonating corporate services. Once inside, they covertly install RAT malware and monitoring tools to steal data and learn about incident response efforts in Slack or email. This allows Scattered Spider to evade detection, create fake accounts to move laterally and determine how victims are trying to kick them out.

The advisory warns that the group takes an interest in source code, certificates, and credential repositories.

Experts urge strengthening MFA, email security, network segmentation, and patching against the MITRE techniques listed by the FBI. They also advise implementing robust data recovery plans and offline backups to support recovery after an attack.

The exposure of Scattered Spider’s inner workings sheds light on the human infrastructure behind sophisticated cybercriminal networks executing ransomware attacks. It also exemplifies the evolving cyber threat landscape, where threat actors share capabilities to maximize profits from extortion.

Radek Zielinski
Tech Journalist

Radek Zielinski is an experienced technology and financial journalist with a passion for cybersecurity and futurology.
