FBI, CISA warn of more Scattered Spider attacks to come
Published: Wednesday, July 30, 2025 at 1:06 pm
FBI and CISA Warn of Impending Cyberattacks by Scattered Spider
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting businesses to anticipate an increase in cyberattacks from the notorious hacking group known as Scattered Spider. This warning follows a pattern of attacks targeting various sectors, including retail and insurance companies.
Scattered Spider, also known as Octo Tempest, is recognized for its sophisticated and aggressive tactics. The group is evolving its methods, employing advanced social engineering techniques, such as impersonating employees to manipulate IT help desks into resetting passwords and transferring multi-factor authentication (MFA) tokens to attacker-controlled devices. They are also incorporating new malware, including RattyRAT for stealthy access and DragonForce ransomware to encrypt systems and demand payment.
The group's attacks often involve double extortion, where sensitive data is stolen and exfiltrated before the target infrastructure is encrypted. They utilize platforms like MEGA.nz and Amazon S3 to store stolen files and have been known to query Snowflake environments to quickly extract large volumes of data. To maintain anonymity, Scattered Spider creates fake identities, monitors internal communications, and even joins incident response calls to understand defensive strategies.
CISA is urging organizations to take proactive measures to protect themselves. These include implementing phishing-resistant MFA, auditing and restricting remote access tools, monitoring for risky logins and unusual account behavior, maintaining offline and encrypted backups, segmenting networks, and patching known vulnerabilities.
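As an added illustration (not code from CISA, the FBI, or this article), the sketch below shows one way to monitor for the unusual account behavior described above: a help-desk password reset followed shortly by MFA enrollment of a device the user has never used. The event schema, field names, the `helpdesk` actor prefix, and the 60-minute window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumed correlation window; tune per environment

# Constructed sample events in a hypothetical normalized schema
# (field names are assumptions, not any vendor's log format).
EVENTS = [
    {"ts": "2025-07-30T09:00:00", "user": "alice", "action": "login", "actor": "alice", "device": "laptop-A"},
    {"ts": "2025-07-30T13:02:00", "user": "alice", "action": "password_reset", "actor": "helpdesk-7", "device": None},
    {"ts": "2025-07-30T13:09:00", "user": "alice", "action": "mfa_enroll", "actor": "helpdesk-7", "device": "phone-X"},
    {"ts": "2025-07-30T10:00:00", "user": "bob", "action": "login", "actor": "bob", "device": "phone-B"},
    {"ts": "2025-07-30T14:00:00", "user": "bob", "action": "password_reset", "actor": "helpdesk-2", "device": None},
    {"ts": "2025-07-30T14:05:00", "user": "bob", "action": "mfa_enroll", "actor": "bob", "device": "phone-B"},
    {"ts": "2025-07-30T08:00:00", "user": "carol", "action": "password_reset", "actor": "helpdesk-2", "device": None},
    {"ts": "2025-07-30T11:30:00", "user": "carol", "action": "mfa_enroll", "actor": "carol", "device": "phone-C"},
]

def find_reset_then_new_mfa(events, window=WINDOW):
    """Flag users whose help-desk password reset is followed, within
    `window`, by MFA enrollment of a device not previously seen for them."""
    known = {}       # user -> devices observed so far
    last_reset = {}  # user -> (time, agent) of the latest help-desk reset
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        ts = datetime.fromisoformat(e["ts"])
        user, dev = e["user"], e["device"]
        seen = known.setdefault(user, set())
        if e["action"] == "password_reset" and e["actor"].startswith("helpdesk"):
            last_reset[user] = (ts, e["actor"])
        elif e["action"] == "mfa_enroll" and user in last_reset:
            reset_ts, agent = last_reset[user]
            if ts - reset_ts <= window and dev not in seen:
                alerts.append({"user": user, "device": dev, "reset_by": agent,
                               "minutes_after_reset": int((ts - reset_ts).total_seconds() // 60)})
        if dev:
            seen.add(dev)  # record the device only after evaluating the event
    return alerts

if __name__ == "__main__":
    for alert in find_reset_then_new_mfa(EVENTS):
        print(alert)
```

In the sample data only the first account is flagged: the second re-enrolls a device already on record, and the third enrolls outside the window.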
BNN's Perspective: While the sophistication of these attacks is concerning, the recommendations from CISA offer a practical framework for businesses to bolster their defenses. The focus on phishing-resistant MFA and proactive monitoring is a sensible approach to mitigating the risks posed by groups like Scattered Spider. It is crucial for organizations to prioritize these measures to safeguard their data and operations.
Keywords: Scattered Spider, cyberattacks, FBI, CISA, ransomware, social engineering, MFA, phishing, DragonForce, RattyRAT, cybersecurity, data breaches, security, hacking, Octo Tempest