www.group-ib.com
Scattered Spider Reclassified as Decentralized Cybercrime Collective
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Scattered Spider, a cybercrime entity linked to various high-profile attacks since 2022, has been reclassified as a decentralized collective rather than a unified group. Group-IB's analysis indicates that it consists of independent clusters operating separately, sharing tactics and tools. Notable incidents include attacks on Twilio customers in August 2022 and Caesars Palace and MGM Resort in September 2023. Despite arrests of some members, attacks attributed to Scattered Spider have persisted, with advisories issued by CISA in 2025. The group has also been associated with names like 0ktapus and Muddled Libra. Group-IB's research emphasizes that some activities may have been conducted by unrelated actors, distinguishing 0ktapus from other attacks. Social engineering remains a common tactic, with phishing campaigns targeting employees across various sectors. The report concludes that the decentralized nature of Scattered Spider complicates efforts to mitigate its threat.
Key Points: • Scattered Spider is now viewed as a decentralized cybercrime collective. • High-profile attacks include incidents affecting Twilio, Caesars Palace, and MGM Resort. • Social engineering tactics, particularly phishing, are commonly used across its clusters.