New Cyber Extortion Groups Target Critical Infrastructure with Phishing Tactics

New Cyber Extortion Groups Target Critical Infrastructure with Phishing Tactics

First seen 1 May 2026, 16:08 UTC CyberscoopScworldNews.Defcroscyberscoop.comCybersecuritynews 80% similarity 71.0

Article Content

Browse articles
ThreatCluster

Two threat groups, Cordial Spider and Snarky Spider, affiliated with The Com, are targeting U.S. organizations across various critical infrastructure sectors for rapid data theft and extortion. Their operations, reported by CrowdStrike, began at least in October 2025 and involve sophisticated voice-phishing and social engineering tactics. These attackers exploit vulnerabilities in identity platforms and SaaS environments by tricking employees into providing credentials through fake Single Sign-On (SSO) pages. The groups are linked to the Scattered Spider operation and utilize methods that include disabling multi-factor authentication and deleting alert notifications to cover their tracks. Victims primarily belong to the academic, aviation, retail, hospitality, automotive, financial services, legal, and technology sectors. Extortion demands are typically in the seven-figure range, and some victims face additional DDoS attacks if they refuse to pay. The situation remains critical as the attackers continue to refine their tactics, posing a significant risk to sensitive data and organizational integrity.

Key Points: • Cordial Spider and Snarky Spider are targeting critical infrastructure sectors in the U.S. • Attack methods include voice phishing and fake SSO pages to steal credentials. • Extortion demands from these groups typically reach seven figures.

ThreatCluster AI

Timeline

2025-10-01
Cordial Spider and Snarky Spider begin operations.
2026-04-30
CrowdStrike reports on the threat groups' activities.
2026-05-01
CyberScoop publishes detailed report on the extortion tactics.

Community

Browse all →