Fraud Alert

Scattered Spider

TLP:CLEAR

Summary

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Royal Canadian Mounted Police (RCMP), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Australian Federal Police (AFP), Canadian Centre for Cyber Security (CCCS), and United Kingdom’s National Cyber Security Centre (NCSC-UK)—hereafter referred to as the authoring organizations—are releasing this joint Cybersecurity Advisory in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors, subsectors, and other sectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as June 2025.

Note: Originally published Nov. 16, 2023, this advisory has been updated through several iterations:

  • Nov. 16, 2023: Initial version.
  • Nov. 21, 2023: Updated password recommendation language on page 12.
  • July 29, 2025: U.S. and international federal organizations identified new TTPs associated with the Scattered Spider cybercriminal group. In addition to new TTPs that include more sophisticated social engineering techniques, the advisory describes additional malware and ransomware variants used to exfiltrate data and encrypt targeted organizations’ systems.

Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks.

Update July 29, 2025:

Per trusted third parties, Scattered Spider threat actors typically engage in data theft for extortion and also use several ransomware variants, most recently deploying DragonForce ransomware alongside their usual TTPs. While some TTPs remain consistent, Scattered Spider threat actors often change TTPs to remain undetected.

Update End

The authoring organizations encourage critical infrastructure organizations and commercial facilities to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Scattered Spider malicious activity.
