Scattered Spider Tied to Fresh Attacks on Financial Services

A shocking development in the world of cybersecurity has left experts reeling, as a notorious hacking collective known as Scattered Lapsus$ Hunters published a cryptic message proclaiming their intention to "go dark." The announcement, which was made by a member of the group, sent waves of skepticism through the industry. However, evidence suggests that at least some members of this loose-knit hacking collective are continuing to wreak havoc on unsuspecting targets.

Threat intelligence firm ReliaQuest has confirmed that Scattered Spider is still actively targeting financial services organizations, despite the group's claims of retiring from hacking. In a recent report, ReliaQuest revealed that a major U.S. banking institution fell victim to a sophisticated attack by Scattered Spider, just days after the retirement announcement.

The attackers attempted to steal sensitive data from multiple repositories, including the victim's accounts with Amazon Web Services and cloud-based data platform Snowflake. The group gained initial access to the organization's network by socially engineering an executive's account, resetting their password via Azure Active Directory Self-Service Password Management.

"From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network," ReliaQuest stated in a detailed report. The brazen attack highlights the cunning and sophistication of Scattered Spider's tactics.

Many experts had been skeptical about whether ShinyHunters and members of LAPSUS$ and ScatteredSpider would really go dark or retire, as some had predicted based on their earlier statements. However, ReliaQuest's observations seem to provide concrete evidence that at least some threat actors are not retiring at all.

The incident serves as a stark reminder of the ongoing threat landscape in cybersecurity and the need for organizations to remain vigilant and proactive in protecting themselves against advanced threats like Scattered Spider.