
Getting to know “known” threat groups

Scattered Spider is a financially motivated criminal gang that has persistently used phone-based social engineering and SMS phishing (smishing) campaigns for initial access into their targets' systems. It's believed that they are mainly initial access brokers, which would explain why they come from so many different angles and use diverse tools, tactics, and techniques. There is often a lag between the time they gain entry to a target's system and the time they sell that access, lulling victims into a false sense of security.

Scattered Spider is also known for sophistication when posing as employees contacting helpdesks. Their English skills are so strong that native speakers have a hard time detecting an issue.

The CL0P group is unique in the sense that it is not a ransomware-as-a-service group. They are a very small but controlled group, and their size helps them maintain an aggressive posture during negotiations.

CL0P is particularly well-known for the MOVEit hack. The hackers figured out how to leverage several MOVEit vulnerabilities back in 2021, but they kept it a secret, waiting until 2023, when their intervention was fully automated, to exploit the vulnerability at scale.

Rather than see vulnerabilities and exploits as opportunities to quickly make money, they view their attack campaigns through the lens of various business strategies. The focus, persistence, and money behind their long-term attacks make them especially dangerous.

Data presented in this Cyber Services Snapshot is derived from global incidents reported to Beazley between Q1 2021 and Q3 2023.

The information set forth in this communication is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this communication, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. Non-insurance products and services are provided by non-insurance company Beazley affiliates and independent third parties. Separate terms and conditions may apply.