Threat Actor Profile

Scattered Spider

0ktapus, DEV-0971, G1015, Muddled Libra, Octo Tempest, Oktapus, Roasted 0ktapus, Scatter Swine, Scattered Swine, Starfraud, Storm-0875, Storm-0971, UNC3944
▲ High Threat
Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130 organizations, with the number of victims steadily increasing.
Origin

Known TTPs

Phishing for Information
Disable or Modify Tools
Code Signing
Conditional Access Policies
Cloud Infrastructure Discovery
Ingress Tool Transfer
Email Forwarding Rule
Spearphishing Link
Valid Accounts
NTDS
Exfiltration Over C2 Channel
Domain Account
Trust Modification
Account Discovery
Email Hiding Rules
Social Media Accounts
Steal Web Session Cookie
Tool
Private Keys
Gather Victim Identity Information
Cloud Service Dashboard
Data Encrypted for Impact
Unix Shell
External Remote Services
SSH
User Execution
Multi-Factor Authentication
Impersonation
Domains
System Network Configuration Discovery
File and Directory Discovery
Systemd Service
Remote Desktop Software
Financial Theft
Code Repositories
Additional Cloud Roles
Permission Groups Discovery
Multi-Factor Authentication Request Generation
System Information Discovery
Remote Desktop Protocol
Account Manipulation
Messaging Applications
Exploitation for Privilege Escalation
Proxy
Data from Cloud Storage
Browser Information Discovery
Direct Volume Access
Create Account
Inhibit System Recovery
Remote System Discovery
Domain Groups
PowerShell
Password Managers
Exfiltration to Cloud Storage
Spearphishing Voice
Data Staged
Cloud Accounts
Clear Mailbox Data
Cloud Services
Protocol Tunneling
Create Cloud Instance
Credentials In Files
Email Collection
Malware

Related Intelligence

