One significant distinction between certain members of the Scattered Spider hacking community and their ransomware counterparts is their accent.
Scattered Spider is connected to the cyberattacks on the British retailer Marks & Spencer. Unlike typical ransomware attackers, the individuals involved seem to be native English speakers, rather than hailing from Russia or former Soviet nations.
This linguistic advantage supports one of their techniques, which Russian hackers may find difficult to emulate. They can infiltrate systems by calling company IT desks and impersonating employees, or by contacting employees while posing as someone from their company's IT desk.
“Being a native English speaker can foster immediate trust. Even internal staff and IT teams may let their guard down slightly due to perceived familiarity,”
Last November, the U.S. Department of Justice shed light on some suspected Scattered Spider members by charging five individuals with targeting an unidentified American firm through a phishing text message.
The DOJ alleged that the accused sent fraudulent texts to employees, tricking them into divulging sensitive information, including company logins. This breach resulted in the theft of sensitive data, including intellectual property, and significant sums of cryptocurrency from digital wallets.
All the accused were in their 20s at the time of the allegations: four were aged between 20 and 25, alongside Tyler Buchanan, 23, from Scotland, who was extradited from Spain to the U.S. last week. He is set to appear in court in Los Angeles on May 12th.
The U.S. cybersecurity agency detailed the Scattered Spider IT desk strategy in an advisory released in 2023.
Notable ransomware victims of Scattered Spider attacks include casino operators MGM Resorts and Caesars Entertainment, which were targeted in 2023. Following the attacks, West Midlands police arrested a 17-year-old in Walsall last year. The force has been contacted for further updates on this incident.
Scattered Spider was identified as responsible for the M&S breach by BleepingComputer, a tech news platform. The report indicated that the attackers employed malicious software known as DragonForce to compromise parts of the retailer’s IT network.
These incidents are categorized as ransomware attacks because the attackers typically demand substantial payments in cryptocurrency to restore access to compromised systems. Leveraging ransomware from other gangs is a common occurrence, a model known as ransomware-as-a-service.
Analysts from cybersecurity firm Recorded Future remarked that “Scattered Spider” is more of an “umbrella term” than a specific group of financially motivated cybercriminals. They noted that it stemmed from “The Com” rather than “monolithic entities,” and is engaged in various criminal activities, including sextortion, cyberstalking, and payment card fraud.
“We operate within a channel and affiliate marketing framework, primarily on platforms like Discord and Telegram, mostly in exclusive invitation-only channels and groups,” stated the analyst.
Ciaran Martin, former head of the UK’s National Cyber Security Centre, remarked that Scattered Spider is “unusual” given its non-Russian origins.
“The vast majority of ransomware groups originate from Russia. [Scattered Spider] seems to have utilized Russian code for this attack with DragonForce, but notably, they appear to be based here and in the U.S., which may facilitate their arrest,” added Martin, now a professor at the Blavatnik School of Government at Oxford University.
Martin further emphasized that the youthful infamy of Scattered Spider should not diminish the threat it poses. “They are indeed a rare but quietly menacing group,” he noted.
Source: www.theguardian.com