Languagesx
English Deutsch
Subscribe
Home FBI exposes Scattered Spider’s alliance with notorious ransomware gang

FBI exposes Scattered Spider’s alliance with notorious ransomware gang

spider web

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have exposed new details about the cybercrime group Scattered Spider and its collaboration with the notorious ALPHV/BlackCat ransomware operation in an advisory published on Friday.

According to a Bleeping Computer report, Scattered Spider — tracked by multiple aliases including 0ktapus, Starfraud, and Octo Tempest — has been responsible for some of the most high-profile ransomware attacks in recent years. The fluid collective of English-speaking hackers as young as 16 has relied on cunning social engineering tactics to breach the networks of companies like MailChimp, Reddit and Twilio.

Now, the FBI reveals that select members of Scattered Spider have joined forces with ALPHV/BlackCat, the Russia-based ransomware cartel behind major attacks on oil giant Shell and Costa Rica’s government. This alliance allows the Scattered Spider actors to encrypt and lock systems using BlackCat, then extort victims for ransom payments.

Experts say Scattered Spider’s loose, decentralized structure makes the group difficult to track. The FBI knows the identities of at least 12 individuals but has yet to prosecute any members. Some are believed also to be part of “The Comm,” a network of hackers involved in recent violent crimes.

Scattered Spider’s access tactics exploit human vulnerabilities. Posing as IT staff, they trick employees into handing over credentials via SMS phishing, phone calls, and fake domain names impersonating corporate services. Once inside, they covertly install RAT malware and monitoring tools to steal data and learn about incident response efforts in Slack or email. This allows Scattered Spider to evade detection, create fake accounts to move laterally and determine how victims are trying to kick them out.

The advisory warns they take interest in source code, certificates, and credential repositories.

Experts urge strengthening MFA, email security, network segmentation, and patching against the MITRE techniques listed by the FBI. They also advise implementing robust data recovery plans and offline backups to empower recovery after an attack.

The exposure of Scattered Spider’s inner workings sheds light on the human infrastructure behind sophisticated cybercriminal networks executing ransomware attacks. It also exemplifies the evolving cyber threat landscape, where threat actors share capabilities to maximize profits from extortion.

Photo by Pixabay.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags
Radek Zielinski
Tech Journalist

Radek Zielinski is an experienced technology and financial journalist with a passion for cybersecurity and futurology.

Related News

Hackers 'steal Ready or Not developer's source code'. A hooded figure in green digital camouflage, symbolizing a hacker, holds a rifle against a backdrop of binary code.
Hackers ‘steal Ready or Not developer’s source code’
Suswati Basu
AI-inspired image of a team of Chinese hackers in a control room with the flag of China on the wall
Chinese hackers increasingly using AI to interfere in elections – report
Graeme Hanna
Man sat in bedroom on his computer at his desk
‘Millions of Americans affected by Chinese hacking plot’
Sophie Atkinson
Microsoft small-scall atomic reactors
Microsoft details update on Russian-sponsored “ongoing attack”
Graeme Hanna
An image of the Epic Games logo
Epic Games hack update – Epic has no evidence that hack is not a hoax
Paul McNally

Most Popular Tech Stories

Latest News

Flutter Entertainment shareholders approve New York relocation. A person's hand holding a smartphone in front of the New York Stock Exchange and London Stock exchange buildings. The smartphone screen displays a betting app interface with sports betting options and user interactions. Golden coins are raining down in the scene, symbolizing financial transactions or winnings. The classical architecture of the NYSE with its ornate columns and sculptures forms a dramatic backdrop, highlighting the intersection of traditional finance and modern digital betting.
Gambling

Flutter Entertainment shareholders approve New York relocation
Suswati Basu1 hour

Flutter Entertainment is set to relocate its primary listing to the New York Stock Exchange (NYSE) after 98 per cent of its shareholders backed the move. Flutter is a major...

Popular TopicsArrow right.svg

AI
AI
AR / VR
AR / VR
Cryptocurrency
Cryptocurrency
Gaming
Gaming
Smartphone
Smartphone
Gambling
Gambling
Wearables
Wearables
Web
Web

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.