5 charged in “Scattered Spider,” one of the most profitable phishing scams ever

Federal prosecutors have charged five men with running an extensive phishing scheme that allegedly allowed them to compromise hundreds of companies nationwide, gain non-public information, and steal millions of dollars in cryptocurrency.

The charges, detailed in court documents unsealed Wednesday, pertain to a crime group security researchers have dubbed Scattered Spider. Members were behind a massive breach on MGM last year that cost the casino and resort company $100 million. MGM preemptively shut down large parts of its internal networks after discovering the breach, causing slot machines and keycards for thousands of hotel rooms to stop working and slowing electronic transfers. Scattered Spider also breached the internal network of authentication provider Twilio, which allowed the group to hack or target hundreds of other companies.

Not your father’s phishing campaign

Key to Scattered Spider’s success were phishing attacks so methodical and well-orchestrated they were hard to detect even when sophisticated defenses were implemented. Microsoft researchers, who track the group under the name Octo Tempest, declared it “one of the most dangerous financial criminal groups.”

Read full article

Comments