FBI Warns on Scattered Spider Hackers, Urges Victims to Come Forward
The FBI warned organizations to guard against the Scattered Spider hacking group, which has breached dozens of American organizations over the past year, stealing their sensitive data for extortion.
They were behind the September hacks into casino companies MGM Resorts International and Caesars Entertainment, but have intruded various organizations from telecom companies to healthcare groups, security researchers say.
The statement, issued jointly with the U.S. Cybersecurity and Infrastructure Security Agency, sheds new light into how these hackers operate.
Even after they’ve gained access into an organization’s systems, the hackers keep checking its internal communication channels such as Slack, Microsoft Teams, and Microsoft Exchange online, for emails or conversations that might show if their breach had been discovered, the statement said.
The criminals “frequently join incident remediation and response calls and teleconferences, likely to identify how security teams are hunting them and proactively develop new avenues of intrusion in response to victim defenses,” it added.
The FBI and CISA urged critical infrastructure organizations to implement a series of security measures they recommended and urged victim organizations to share information about the hacks with the agencies.
Everything from a sample ransom note, communications with the hackers, their cryptocurrency wallet information, or samples of malicious files could be useful, they said.
“FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered,” they said, adding that ransom payments may embolden the hackers into going after more targets.
- Bank Will Offer Accommodation to Employee With Anxiety Disability
- $1.3 Billion Lottery Winner Sues for $100K Damages Over Identity Disclosure by Mom
- Former Allstate Agent in North Carolina Ordered to Abide by Non-Compete Agreement
- New Jersey Supreme Court: Workers’ Compensation Covers Commuting Employee’s Car Crash Injury