Sun. Apr 2nd, 2023

The hackers who reportedly hit more than 130 organizations last year and stole the credentials of nearly 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch.

The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” In a previous publicly available report, the company said this group is also known as “Roasted 0ktapus,” in an apparent reference to the report published by Group-IB, another cybersecurity firm, last year.

Reports like the one obtained by TechCrunch are prepared by threat intelligence companies for their customers, with the idea of alerting them to hackers who are either targeting the customers directly, or other companies in the same sector. In the report, CrowdStrike notes that it has limited visibility into the hacking campaign given that it has no “further forensic artifacts,” referring to data it obtained directly from targeted organizations. That’s why the company admits it has “low confidence” in its assessment that this is activity by Scattered Spider.

Two cybersecurity insiders, who asked to remain anonymous as they weren’t authorized to speak to the press, said that the understanding within the industry is that Scattered Spider is the same group as 0ktapus.


“Scattered Spider continued deploying quite a few phishing pages in January 2023. CrowdStrike Intelligence assesses the adversary has likely expanded its target scope to include technology sector companies specializing in gaming or financial software, while maintaining a prior focus on business process outsourcing (BPO) companies and mobile providers,” read the report, which isn’t publicly available.

It’s unclear if this is the same group that hacked Riot Games last month, but in a list of phishing domains included in the CrowdStrike report, there’s one that was clearly made to target the video game giant given that it includes the name of the company in the URL.

Among the phishing domains, there are also others tailored to impersonate video game makers Roblox and Zynga; email marketing and newsletter giant Mailchimp and its parent company Intuit; Salesforce; Comcast; and Grubhub. TaskUs, a contractor that provides customer service for companies, including Mailchimp, Intuit and other tech giants, was also on the list.

In January, Mailchimp disclosed that it had been hacked — the second hack against the company in six months. At the time, Mailchimp said the hackers targeted its employees through phishing. It’s unclear if this incident is tied to the activities of Scattered Spider. Mailchimp didn’t respond to a request for comment.

Riot declined to comment.

Roblox, Zynga, TaskUs, Intuit, Salesforce, Comcast, and Grubhub didn’t immediately respond to a request for comment.

The report said that “the bulk” of the hacking group’s phishing pages were designed to mimic Okta login portals, “while a much smaller number impersonated Microsoft.”

CrowdStrike didn’t respond to a request for comment.
