A notorious hacking group known as Scattered Spider has expanded its cybercrime activities to include targeting banks and insurance companies, following previous attacks on major casinos in the United States, according to researchers. The group, which emerged in May 2022, has recently compromised at least two insurance firms as part of a larger campaign that has targeted 29 companies since April 20.
Among the high-profile targets of Scattered Spider’s recent attacks are financial giants such as Visa, PNC Financial Services Group, Transamerica, New York Life Insurance, and Synchrony Financial. The group’s modus operandi involves leveraging social engineering techniques to obtain sensitive information from call center employees and IT help desk staff, often resorting to aggressive tactics such as impersonation and threats of physical violence against victims.
Scattered Spider gained notoriety last year for disrupting casinos in Las Vegas, Atlantic City, and other locations by compromising digital room keys, check-in systems, slot machines, and card payments. In addition to targeting casinos, the group also launched attacks on crypto firm Coinbase and manufacturer Clorox, resulting in a shortage of cleaning supplies in US stores.
The group, believed to consist of teenagers and young adults in various countries, has experienced fluctuations in its activities, with a lull between December and February before ramping up its operations. Resilience Cyber Insurance Solutions identified the group’s self-designation as Star Fraud, operating under a larger criminal organization known as The Com.
In its latest attacks, Scattered Spider deployed phishing tactics by creating fake login pages resembling those of targeted companies, including lookalike domains and branded as Okta or content-management systems. Okta, a centralized identity and access management company, has been proactive in notifying customers about fake login pages to prevent credential theft. The MGM and Caesars attacks were carried out by targeting the companies’ Okta installations, as revealed by security researchers.
Although the FBI has identified several members of Scattered Spider, including a 19-year-old suspect named Noah Urban from Florida who was charged with wire fraud offenses in January, arrests have not been made due to resource constraints. FBI cyber deputy assistant director Brett Leatherman emphasized the agency’s ongoing efforts to gather evidence and pursue criminal charges against the hackers responsible for the cyberattacks.
According to Google’s Mandiant security unit, Scattered Spider has successfully targeted over 100 organizations in the past two years, highlighting the group’s persistence and ability to evade law enforcement. As the cybercriminal landscape continues to evolve, authorities and private firms are collaborating to combat cyber threats and protect businesses and consumers from the growing risk of cyberattacks.