Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries
Essential information
- Published
- 11/09/2024 20:18
- Modified
- 11/09/2024 20:30
- Tags
- 2024-09-11 alphv blackcat cloud finance insurance noberus persistence phishing raccoon stealer ransomware redline stealer sim swapping stealc vidar stealer
- Related entities
- 12 observables, 1 intrusion sets (apt), 22 techniques (mitre), 7 malware, 2 others
Description
The Scattered Spider cybercriminal group is targeting cloud infrastructures in the insurance and financial sectors using advanced techniques. They exploit leaked authentication tokens, conduct phishing and smishing campaigns, and leverage SIM swapping to bypass multi-factor authentication. The group uses open-source tools for reconnaissance, disables security measures, and maintains persistence through various methods like cross-tenant synchronization abuse. They focus on deploying ransomware in cloud environments, particularly VMware ESXi and Azure. The attackers demonstrate deep knowledge of Western business practices and partner with other ransomware groups like BlackCat/ALPHV to enhance their capabilities.