# Scattered Spider

# Adversary Overview

Scattered Spider is a financially motivated cybercriminal group that has been active since early 2022, targeting a wide variety of industries across the world. Their focus has been impacting organizations with large financial payouts like technology, telecommunications, finance, an entertainment industry. The group is known known for their ability to live off the land and leverage legitimate tools to evade detection. The cybersecurity community has equated Scattered Spider’s understanding of endpoint detection and response (EDR) and single sign-on (SSO) capabilities to that of Sysadmins or Red Teamers. They are considered to be formidable in cloud environments and specialize in credential harvesting techniques and social engineering tactics to gain access to networks.

# Key Adversary Report References

Source ID	Report Links
1	Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
2	Scattered Spider: The Modus Operandi
3	Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety \| Google Cloud Blog
4	UNC3944 Targets SaaS Applications \| Google Cloud Blog
5	SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack \| Mandiant \| Google Cloud Blog
6	0ktapus campaign: Twilio, Cloudflare, and over 130 more victims discovered by Group-IB
7	Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction \| Microsoft Security Blog
8	LUCR-3: Scattered Spider Getting SaaS-y in the Cloud