Hacking group Scattered Spider is making waves for disrupting retailers and corporate America despite recent arrests

Scattered Spider, otherwise known as UNC3944, gained notoriety during the infamous attack on MGM (which we reported on in 2023), which was estimated to have cost the company around $100 million. The group has kept up its momentum while targeting financial institutions in particular, such as PNC Financial Group, Synchrony Financial, Truist Bank and more.

It’s estimated the cost of cyber crime has risen to $793 billion per month, with groups like Scattered Spider contributing to this bottom line. The group has also been in the news for its unusual makeup, with most of those arrested being teenagers or young adults. This is not the hardened group of long-time professional hackers most people think of when they think of breaches on this scale.

In a recent set of arrests in the UK, two 19-year-old men, a 17-year-old boy and a 20-year-old woman were taken into custody, with the bad actors being charged with blackmail, money laundering and ties to a criminal organization as of writing. One of the alleged leaders of the group, 23-year-old Tyler Buchanan, was also arrested in May of this year and has been extradited to California to face charges that carry up to 47 years behind bars.

Ransomware/Malware-as-a-service (RaaS/MaaS) becoming more ubiquitous means that someone doesn’t even have to be extremely tech savvy to pull off a cyber attack, expanding the reach of bad actors looking for financial gain from attacks on anyone convenient. It has never been more true than it is now in 2025 that no one is safe from cyber threats. Your business isn’t too small or too remote to be a target.

The group has also focused on tactics that are more social engineering than directly technical, with phishing being a primary driver as we saw in the MGM attack. Here are 5 ways hacking groups like Scattered Spider are pulling off cyber attacks:

  1. Social Engineering and Impersonation

Scattered Spider is notorious for tricking employees into giving up credentials. They often:

  • Impersonate IT or help desk personnel
  • Call or message employees to reset passwords or approve MFA prompts
  • Use public info (like LinkedIn profiles) to craft believable stories

  2. SIM Swapping

They hijack a victim’s mobile number by convincing the phone carrier to transfer it to a SIM card they control. Once they do this, they can:

  • Bypass MFA (multi-factor authentication)
  • Receive SMS-based codes for password resets

  3. Exploiting Identity & Access Management (IAM) Systems

They target systems like Okta or Microsoft Azure AD to escalate privileges and gain access across an organization. Once inside:

  • They move laterally across systems
  • Create persistent backdoors

  4. Abusing Remote Access Tools

Scattered Spider leverages legitimate tools like:

  • Remote desktop software
  • VPNs and virtual desktop infrastructure (VDI)

They often enter using stolen credentials and hide in plain sight by mimicking normal user activity.

  5. Ransomware Deployment & Data Theft

After gaining sufficient access, they:

  • Exfiltrate sensitive data
  • Deploy ransomware (often in partnership with ransomware-as-a-service groups like ALPHV/BlackCat)
  • Threaten double extortion: demanding payment to both unlock systems and not leak data
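
The following added example, which is not from the original article, shows how the help-desk reset and MFA-prompt tactics listed under Social Engineering and Impersonation can be detected in identity provider logs. The event schema, event names, sample events and thresholds are assumptions constructed for illustration and do not match any specific vendor's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RESET_TYPES = {"password_reset", "mfa_reset"}
RESET_WINDOW = timedelta(minutes=60)   # assumed threshold
PUSH_WINDOW = timedelta(minutes=10)    # assumed threshold
PUSH_DENIALS = 3                       # assumed threshold

# Constructed events in a hypothetical schema: (timestamp, user, type, actor, device)
EVENTS = [
    ("2025-07-01T09:00:00", "alice", "login_success", "alice", "laptop-A"),
    ("2025-07-01T13:02:00", "alice", "mfa_reset", "helpdesk1", None),
    ("2025-07-01T13:09:00", "alice", "login_success", "alice", "device-X"),
    ("2025-07-01T14:00:00", "bob", "password_reset", "bob", "laptop-B"),
    ("2025-07-01T14:05:00", "bob", "login_success", "bob", "laptop-B"),
    ("2025-07-01T15:00:00", "carol", "mfa_push_denied", "carol", "phone-C"),
    ("2025-07-01T15:01:00", "carol", "mfa_push_denied", "carol", "phone-C"),
    ("2025-07-01T15:02:00", "carol", "mfa_push_denied", "carol", "phone-C"),
    ("2025-07-01T15:03:00", "carol", "mfa_push_approved", "carol", "phone-C"),
]

def detect(events):
    """Return sorted (user, rule) alerts for help-desk resets and push fatigue."""
    known = defaultdict(set)      # devices already seen per user
    last_reset = {}               # user -> time of last reset performed by someone else
    denials = defaultdict(list)   # user -> times of recent push denials
    alerts = set()
    for ts, user, etype, actor, device in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if etype in RESET_TYPES and actor != user:
            last_reset[user] = t
        elif etype == "login_success":
            reset = last_reset.get(user)
            if device not in known[user] and reset and t - reset <= RESET_WINDOW:
                alerts.add((user, "third_party_reset_then_new_device"))
            known[user].add(device)
        elif etype == "mfa_push_denied":
            denials[user] = [d for d in denials[user] if t - d <= PUSH_WINDOW] + [t]
        elif etype == "mfa_push_approved":
            recent = [d for d in denials[user] if t - d <= PUSH_WINDOW]
            if len(recent) >= PUSH_DENIALS:
                alerts.add((user, "push_denials_then_approval"))
            denials[user] = []
    return sorted(alerts)

if __name__ == "__main__":
    print(detect(EVENTS))
```

Bob's self-service reset followed by a login from his usual device raises no alert, which keeps the rule focused on resets performed by someone other than the account owner.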

At Valley Techlogic, we help businesses of all sizes stay protected against advanced threats from hacking groups like Scattered Spider by combining proactive cybersecurity strategies with enterprise-grade tools. Our team monitors for suspicious activity, implements strong identity and access controls, and trains your staff to recognize social engineering attempts, closing the gaps these groups exploit. With layered protection and rapid response capabilities, we keep your systems secure and your data safe. Get started with a Valley Techlogic service plan today to protect your business from future threats.

This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.