Showing posts from August, 2023

Tracking Adversaries: Scattered Spider, the BlackCat affiliate

After tracking the cybercrime threat landscape on a day-to-day basis for over four years now, it’s not that often anymore that something surprises me. But the latest trend of a suspected English-speaking big game hunting cybercriminal group, tracked under the moniker as Scattered Spider by CrowdStrike or 0ktapus by Group-IB, teaming up with a Russian-speaking ransomware group known as BlackCat (or ALPHV) has caught my attention. Background on Scattered Spider CrowdStrike introduced Scattered Spider in December 2022 and shared an update in January 2023 . These financially motivated English-speaking threat actors are known for their unique style of attacks, which usually all begin the same way, either via an SMS phishing message to harvest credentials or via an old school (yet still very effective) social engineering vishing call to get credentials or get the target to download malicious software and provide access. Other tricks Scattered Spider is known for includes multi-factor

Hacktivists: Liars and Morons

Welcome to the world of hacktivism, where technology and activism collide. Verifying and researching hacktivist claims can be a challenging and time-consuming endeavour. The sheer volume of claims made by various hacktivist groups and individuals can be overwhelming. With numerous events occurring simultaneously, resources can be strained when attempting to fact-check each claim thoroughly.  Hacktivist activities can involve digital intrusions such as website defacements or data theft. These intrusions may leave limited residual forensic evidence. However, these digital artifacts are often ephemeral and are rarely shared publicly for cross examination. DDoS attacks can be even harder to verify as a third-party without access to the website or infrastructure's logs. This lack of transparency makes it challenging to confirm the authenticity and scope of many hacktivist actions.  This difficulty in promptly verifying and debunking claims can lead to misinformation spreading unchecked.