Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

The Scattered Spider cybercriminal group is targeting cloud infrastructures in the insurance and financial sectors using advanced techniques. They exploit leaked authentication tokens, conduct phishing and smishing campaigns, and leverage SIM swapping to bypass multi-factor authentication. The group uses open-source tools for reconnaissance, disables security measures, and maintains persistence through various methods like cross-tenant synchronization abuse. They focus on deploying ransomware in cloud environments, particularly VMware ESXi and Azure. The attackers demonstrate deep knowledge of Western business practices and partner with other ransomware groups like BlackCat/ALPHV to enhance their capabilities.

OPENCTI LABELS:

cloud, phishing, finance, ransomware, stealc, blackcat, alphv, noberus, persistence, redline stealer, vidar stealer, raccoon stealer, insurance, sim swapping

