Scattered Spider

MITRE G1015
Also known as Scattered Lapsus$ Hunters
Reports: 15
First seen: Sep 14
Last seen: Jun 25
Motivation: financial, financial extortion, financial crime, account takeovers, soci

Targeting

Sectors: transportation logistics ×3, technology ×1, hospitality ×1, financial services ×1
Victim regions: United Kingdom ×3, United States ×3

Top ATT&CK techniques

T1190 Exploit Public-Facing Application ×7
T1566 Phishing ×7
T1486 Data Encrypted for Impact ×5
T1041 Exfiltration Over C2 Channel ×5
T1555 Credentials from Password Stores ×4
T1078 Valid Accounts ×4
T1598 Phishing for Information ×3
T1021 Remote Services ×3
T1567 Exfiltration Over Web Service ×3
T1005 Data from Local System ×3
T1598.004 Spearphishing Attachment ×2
T1136 Create Account ×2

Indicators

cve ×7, filename ×7, domain ×6, url ×1

Indicator values are available on Pro and via the API.

Associated CVEs

Recent reports

[High] ThreatsDay Bulletin: Smart TV Proxyware, curl Vulnerabilities, API Platform Flaws, and Ransomware Trends (The Hacker News)

[High] Scattered Spider Members Plead Guilty in Transport for London Cyberattack (KrebsOnSecurity)

[High] Scattered Spider members plead guilty to hacking Transport for London (Bleeping Computer)

[High] Two Scattered Spider members plead guilty in Transport for London cyberattack (The Record (Recorded Future News))

[Critical] DragonForce ransomware uses custom Backdoor.Turn malware to hide C2 traffic in Microsoft Teams relays (Bleeping Computer)

[High] Threats to the 2026 FIFA World Cup: Physical Security, Cyber, and Influence Operations Risk Assessment (Recorded Future Insikt)

[Info] Inside the RaaS Ecosystem: Operators, Affiliates & Attack Tradecraft (Huntress Blog)

[High] CrowdStrike 2026 Financial Services Threat Landscape Report Overview (CrowdStrike Blog)

[High] 'Scattered Spider' member pleads guilty to wire fraud and identity theft (KrebsOnSecurity)

[Medium] Why LinkedIn is a hunting ground for threat actors – and how to protect yourself (ESET WeLiveSecurity)

[High] Risky Business #810 — Data extortion attacks have a silver lining (Risky Business)

[High] Risky Business #799 — Multiple critical vulnerabilities and breaches across tech vendors (Risky Business)

[High] Infostealers Crash Course: A Tradecraft Tuesday Recap (Huntress Blog)

[unrated] Scattered Spider hijacking MX records; Lumma Stealer, Qakbot takedowns (Risky Business)

[High] Spidering Through Identity for Profit and Disruption (Huntress Blog)

This page shows data on a 7-day delay.