CISA Advisory

Scattered Spider Cybercriminal Group Techniques

AA23-319A • Published November 16, 2023

Severity: critical

Scattered Spider are clever hackers who trick employees into giving them access by pretending to be IT support. They call help desks, send convincing phishing texts, and even swap SIM cards to steal login codes. Companies need to train employees to verify callers.

Overview

Advisory detailing the tactics, techniques, and procedures of the Scattered Spider threat group, known for sophisticated social engineering attacks, SIM swapping, and targeting large enterprises for ransomware deployment.

Who Is At Risk

  • Large enterprises
  • Telecommunications companies
  • Technology companies
  • Entertainment industry
  • Any organization with help desks

Is your business exposed?

Immediate Actions

  1. 1.

    Implement callback verification for IT requests

  2. 2.

    Use hardware security keys instead of SMS 2FA

  3. 3.

    Train help desk on social engineering tactics

  4. 4.

    Monitor for SIM swap indicators

  5. 5.

    Implement privileged access management

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices