Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Phishing Attacks Targeted Facebook Users With Fake Verification Offer

July 7, 2026

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

July 7, 2026

Suspected Chinese Threat Group Targets Universities

July 7, 2026
Facebook X (Twitter) Instagram
Tuesday, July 7
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Scattered Spider’s Structure More Like a Cybercrime Collective
News

Scattered Spider’s Structure More Like a Cybercrime Collective

Team-CWDBy Team-CWDJuly 7, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Scattered Spider has been reclassified as a decentralized cybercrime collective composed of independent clusters rather than a single, organized threat group.

Group-IB analysis, published on June 7, challenges the traditional view of the activity as one coordinated operation, arguing that multiple actors share tactics, tools and communities while operating separately.

The firm said this model helps explain why activity attributed to Scattered Spider has continued despite arrests and disruption efforts targeting some alleged members.

The group, also tracked under names including 0ktapus, Muddled Libra, Octo Tempest and UNC3944 by different security vendors, has been linked to several high-profile incidents since 2022.

Read more on Scattered Spider attacks: Alleged Scattered Spider Member Extradited to US

A Collective Connected by Tactics Rather Than Structure

Group-IB’s research argued that Scattered Spider does not operate with a central hierarchy or shared leadership structure. Instead, the firm described it as a set of smaller clusters connected through common techniques, tools and online communities.

The analysis compared the structure to that of the Anonymous hacktivist collective, in which separate groups operate under a shared identity without necessarily coordinating directly.

The report also said that some activity previously attributed to Scattered Spider may have been carried out by unrelated actors.

Group-IB specifically distinguished its 0ktapus tracking from the cluster linked to the Marks & Spencer and Co-op attacks, stating there is no evidence they were operated by the same individuals.

The firm identified several recurring targeting patterns across observed clusters, including:

  • Employees at technology and communications companies used as access points

  • Mobile carrier staff targeted for SIM swapping operations

  • Cryptocurrency users targeted through fraud campaigns

  • Enterprises compromised for extortion and ransomware activity

Social Engineering Remains Central to Operations

Despite differences between clusters, Group-IB found that social engineering remains a common thread across Scattered Spider activity. Attackers frequently impersonate IT, security or human resources teams to persuade employees to provide credentials or access.

The research found that attackers commonly use phishing pages impersonating identity providers, including Okta, Microsoft, Citrix and Google.

Group-IB also observed some clusters combining enterprise compromises with cryptocurrency theft operations. Attackers used stolen credentials, SIM swaps and phishing campaigns to target cryptocurrency users while also compromising organizations to gather intelligence on potential victims.

The report noted that some clusters have also used commercial remote access tools such as AnyDesk and recruited insiders at telecommunications companies to assist with unauthorized access.

Group-IB concluded that Scattered Spider’s decentralized nature means arrests targeting individual members are unlikely to eliminate the broader threat. 

Instead, organizations should focus on defending against the shared tactics used across clusters, particularly identity-based attacks and social engineering attempts.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleCitrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Next Article Hackers Exploit Maximum Severity Adobe ColdFusion Flaw
Team-CWD
  • Website

Related Posts

News

Phishing Attacks Targeted Facebook Users With Fake Verification Offer

July 7, 2026
News

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

July 7, 2026
News

Suspected Chinese Threat Group Targets Universities

July 7, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

2025’s most common passwords were as predictable as ever

January 21, 2026

Watch out for SVG files booby-trapped with malware

September 22, 2025

Beware of Winter Olympics scams and other cyberthreats

February 2, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.