Anatomy of a Scattered Spider attack: A growing ransomware threat evolves

The cybercriminal group has broadened its attack scope across several new industries, bringing valid credentials to bear on help desks before leveraging its new learnings of cloud intrusion tradecraft to set the stage for ransomware. Scattered Spideris increasingly making headlines of late, evolving its techniques and broadening the scope of its criminal activities against a wider array of enterprises. Active since at least May 2022, the financially motivated cybercriminal group initially targeted telecommunications and entertainment companies, including MGM Resorts and Caesars Entertainment, through SIM-swapping and ransomware operations. [ See also:How CISOs can defend against Scattered Spider ransomware attacks] Over time, the group has shifted to high-value industries, most notably with attacks in May targeting major retailers such as Marks & Spencer, Co-op, and Harrods, and more recentlyairlines  such as Hawaiian and Quantasin assaults that caused widespread disruption to their op...