- The Scattered Spider gang has resumed attacks, targeting an American bank despite stating that it was going dark
- Hackers used vishing and Okta-themed phishing to bypass MFA and exfiltrate confidential data
- Group linked to major breaches, including the Salesforce leak that affects more than 700 companies
It seems that retirement does not suit Scattered Spider, as the infamous threat actor has been observed targeting banking organizations in the United States, despite its statements that it was “going dark.”
ReliaQuest security researchers have published a new report in which they say they have seen evidence of new activity by the hackers.
The evidence includes multiple lookalike domains linked to the fintech vertical, as well as one victim, an American banking organization.
Social engineering
To breach the target organization, Scattered Spider apparently turned to vishing (voice phishing). The group would call employees on the phone, impersonate IT staff, and convince them to authorize access to “connected applications”.
These apparently benign applications (spoofing Salesforce, or similar) allowed the criminals to exfiltrate confidential business data. To steal login credentials, the attackers used Okta-themed phishing pages, successfully bypassing security controls such as multifactor authentication.
“Scattered Spider obtained initial access by socially engineering an executive's account and resetting its password through Azure Active Directory self-service password management,” the researchers said in the report.
“From there, they accessed confidential security and IT documents, moved laterally through the Citrix and VPN environment, and compromised the VMware ESXi infrastructure to dump credentials and infiltrate the network even further.”
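The sequence in the quoted report (a self-service password reset on an executive account, followed by VPN and Citrix access) can be turned into a correlation rule. The following is an added example, not code from the ReliaQuest report or this article; the event schema, action names, watchlist and 60-minute window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed, normalized events (hypothetical schema, not a real Azure AD,
# Okta, VPN or Citrix export format).
EVENTS = [
    {"ts": "2025-01-05T09:00:00", "user": "ceo@example.com", "action": "vpn_login", "ip": "198.51.100.40"},
    {"ts": "2025-01-06T08:55:00", "user": "cfo@example.com", "action": "vpn_login", "ip": "198.51.100.10"},
    {"ts": "2025-01-07T14:02:00", "user": "cfo@example.com", "action": "sspr_reset", "ip": "203.0.113.77"},
    {"ts": "2025-01-07T14:09:00", "user": "cfo@example.com", "action": "vpn_login", "ip": "203.0.113.77"},
    {"ts": "2025-01-07T14:20:00", "user": "cfo@example.com", "action": "citrix_login", "ip": "203.0.113.77"},
    {"ts": "2025-01-07T15:00:00", "user": "analyst@example.com", "action": "sspr_reset", "ip": "198.51.100.23"},
    {"ts": "2025-01-07T15:05:00", "user": "analyst@example.com", "action": "vpn_login", "ip": "198.51.100.23"},
    {"ts": "2025-01-08T09:00:00", "user": "ceo@example.com", "action": "sspr_reset", "ip": "198.51.100.40"},
    {"ts": "2025-01-08T09:04:00", "user": "ceo@example.com", "action": "vpn_login", "ip": "198.51.100.40"},
]

HIGH_VALUE = {"cfo@example.com", "ceo@example.com"}  # assumed executive watchlist
REMOTE = {"vpn_login", "citrix_login"}               # assumed remote-access actions
WINDOW = timedelta(minutes=60)                       # assumed correlation window


def find_reset_then_access(events, watchlist=HIGH_VALUE, window=WINDOW):
    """Flag remote access by a watchlisted user that follows a self-service
    password reset within `window` and comes from an IP not seen before."""
    known_ips = {}   # user -> IPs seen on earlier, unflagged remote logins
    last_reset = {}  # user -> time of the most recent self-service reset
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, ip = ev["user"], ev["ip"]
        if ev["action"] == "sspr_reset":
            last_reset[user] = ts
        elif ev["action"] in REMOTE:
            reset = last_reset.get(user)
            recent = reset is not None and ts - reset <= window
            new_ip = ip not in known_ips.get(user, set())
            if user in watchlist and recent and new_ip:
                alerts.append((user, ev["action"], ip, ev["ts"]))
            else:
                # Only unflagged logins extend the user's baseline.
                known_ips.setdefault(user, set()).add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_reset_then_access(EVENTS):
        print(alert)
```

A flagged login does not extend the user's IP baseline, so the later Citrix session from the same address is reported as well.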
Scattered Spider is one of the three groups that are supposedly behind the breaches at Jaguar Land Rover (JLR), Marks & Spencer, Co-op, Harrods and many others.
Recently, the group announced that it was “going dark”, and some researchers believe that the hackers fear a law enforcement response, while others think it could be an easy way to rebrand or pivot.
However, it could be both. Scattered Spider is also being linked to the large Salesforce / Salesdrift data leak, which seems to have affected more than 700 companies. If these claims turn out to be true, this would be one of the largest breaches in recent history and, as such, would definitely attract the attention of the FBI, and possibly even the NSA.
Via The Hacker News