CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, released an updated joint Cybersecurity Advisory on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. This advisory provides updated tactics, techniques, and procedures (TTPs) obtained through FBI investigations conducted through June 2025.
Scattered Spider threat actors have been known to use various ransomware variants in data extortion attacks, most recently including DragonForce ransomware. While Scattered Spider often changes TTPs to remain undetected, some TTPs remain consistent. These actors frequently use social engineering techniques such as phishing, push bombing, and subscriber identity module swap attacks to obtain credentials, install remote access tools, and bypass multi-factor authentication.
The Mitigations section of the Scattered Spider joint Cybersecurity Advisory offers critical infrastructure organizations and commercial facilities recommendations to fortify their defenses.
Systems Affected Systems running Microsoft Office XP and Outlook 2002 Overview There…
Systems Affected Applications and systems that use the OpenSSL SSL/TLS library Overview …
Systems Affected Continuing Threats to Home Users View Previous Alerts Alert (SA04-079A) Continuing Threats…
Systems Affected Microsoft Windows systems Overview A cross-domain vulnerability in the Outlook…
Systems Affected Systems running Microsoft Windows Overview There are multiple vulnerabilities in…
Systems Affected Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call (RPC) and Distributed…
This website uses cookies.