Jessica Lyons reports:
The call came into the help desk at a large US retailer. An employee had been locked out of their corporate accounts.
But the caller wasn’t actually a company employee. He was a Scattered Spider criminal trying to break into the retailer’s systems – and he was really good, according to Jon DiMaggio, a former NSA analyst who now works as a chief security strategist at Analyst1.
Scattered Spider is a cyber gang linked to SIM swapping, fake IT calls, and ransomware crews like ALPHV. They’ve breached big names like MGM and Caesars, and despite arrests, keep evolving. They’re tracked by Mandiant as UNC3944, also known as Octo Tempest.
DiMaggio listened in on this call, which was one of the group’s recent attempts to infiltrate American retail organizations after hitting multiple UK-based shops.
Read more at The Register.