Scattered Spider [1] [2] [3] [4] [5], also known as Octo Tempest [3] [4], has recently expanded its arsenal by adding the Qilin ransomware variant alongside RansomHub, as reported by Microsoft's Threat Intelligence team [2].
Description
This highly sophisticated cybercrime group is notorious for its advanced social engineering tactics, identity theft schemes, and targeting of VMware ESXi servers. It has been linked to attacks on high-profile organizations such as Microsoft, Binance [4], Coinbase [4], T-Mobile [4], and others. Scattered Spider has also been associated with the deployment of BlackCat ransomware and other ransomware families such as BlackSuit, Medusa [3] [5], and Black Basta [3] [5].
Qilin ransomware [2] [3] [5], previously known as "Agenda," has targeted over 130 companies, and its operators are currently developing a Linux encryptor specifically designed for VMware ESXi servers [2]. This ransomware variant is known for double extortion: stealing sensitive data before encryption and demanding ransoms ranging from tens of thousands to millions of dollars. RansomHub [1] [2] [3] [4] [5], a ransomware-as-a-service platform [2], has gained popularity among threat actors and has been linked to Scattered Spider's operations.
Scattered Spider's tactics for gaining initial access to victim networks include impersonation of IT personnel, phishing [2] [4], MFA bombing [2] [4], and SIM swapping. The FBI and CISA have issued warnings about the group's techniques, and Microsoft has identified Scattered Spider as a highly dangerous group, emphasizing the threat posed by its activities.
Conclusion
The activities of Scattered Spider, including its use of Qilin ransomware and RansomHub, pose a significant threat to organizations worldwide. It is crucial for businesses to implement robust cybersecurity measures, in particular around identity and help-desk verification, to protect against social engineering of this kind. Collaboration between law enforcement agencies, cybersecurity experts, and organizations is essential to mitigate the impact of groups like Scattered Spider and prevent future attacks.
References
[1] https://fr.techtribune.net/d2/tendance-actuelle/microsoft-associe-les-pirates-informatiques-scattered-spider-aux-attaques-de-ransomware-qilin/935457/
[2] https://www.darkreading.com/threat-intelligence/microsoft-scattered-spider-widens-web-with-ransomhub-and-qilin
[3] https://www.threatshub.org/blog/cyber-crime-super-crew-scattered-spider-falls-in-love-with-ransomhub-and-qilin/
[4] https://www.hwupgrade.it/news/sicurezza-software/gli-hacker-scattered-spider-alzano-il-livello-di-minaccia-aggiungendo-il-ransomware-qilin-al-loro-arsenale_128924.html
[5] https://leymarcodeciberseguridad.cl/las-nuevas-herramientas-de-ransomware-favoritas-de-scattered-spider-son-ransomhub-y-qilin-the-register/