Scattered Spider, the hacker gang that worries the FBI


Mélina LOUPIA

April 15, 2024 at 5:37 p.m.


Scattered Spider worries the FBI © Postmodern Studio / Shutterstock


Made up of international hackers, the Scattered Spider alliance earns the respect of Russian cybercriminals and worries the FBI.

They do not act in broad daylight, but prefer the darkness of the dark web. Young hackers from the US, UK and Canada have teamed up with Russian ransomware hackers to form the Scattered Spider gang.

In 2023, these hackers launched attacks on hospitals, pharmaceutical industries, IT companies and even the largest hotels and casinos in Las Vegas. The bill for the victims: more than 1 billion dollars.

An organized gang deployed across the world, colossal losses for victims that weaken the global economy and security: there is plenty to worry Bryan Vorndran, the senior manager of cybersecurity at the FBI. “No matter how you interpret the numbers, this is a problem for the global economy, for the American economy and for American security,” he told CBS News. A major threat not to be taken lightly.

Scattered Spider, from birth to alliance with BlackCat

Predominantly English-speaking, the gang, called Scattered Spider by the FBI, is recognized for its ransomware attacks and its expertise. Its members speak different languages perfectly and know how to blend into the local cultures of the countries they target. The group is part of an online subculture called “the Community” or “the Com”, which includes thousands of members, mostly men under the age of 25, and even teenagers. The group is also known as Star Fraud, UNC3944 and Octo Tempest, and has made a name for itself by hacking companies such as Microsoft, NVIDIA and Electronic Arts.

Their notoriety led to an alliance with the Russian group BlackCat, also known as ALPHV. BlackCat, which is made up of former members of DarkSide/BlackMatter, responsible for the attack on Colonial Pipeline in 2021, considers Scattered Spider to be a “force multiplier” for its operations. Together, they share skills, platforms and malware to carry out devastating ransomware attacks.

Jon DiMaggio, senior security strategist for Analyst1, called this phenomenon “rebranding”. This specialist in ransomware and the relationships between various cybercriminal groups explained that in the ransomware-as-a-service model, there is a central group that acts as a service provider, providing all the attack resources and services necessary to facilitate their operation. Then there are the hackers who act as subcontractors for them.

Scattered Spider acquired its reputation by attacking Microsoft in particular © rafapress / Shutterstock


Ocean’s Eleven-style heists that make the NSA react

In September 2023, a ransomware attack orchestrated by cybercriminal groups Scattered Spider and BlackCat cost MGM Resorts more than $100 million. This attack disrupted operations at several prominent hotels and casinos on the Las Vegas Strip, including the MGM Grand, Aria, Mandalay Bay, New York New York and the Bellagio. The consequences were devastating, with thousands of slot machines stopping working, elevators, parking gates and digital door keys malfunctioning, and reservations blocked. A month after the attack, at a conference, MGM Resorts CEO Bill Hornbuckle admitted that the disruptions had been devastating.

Hackers demanded $30 million to unlock MGM data. The company refused, but suffered an estimated $100 million in lost revenue, plus millions more to rebuild its servers. To infiltrate MGM’s network, hackers focused on one employee by collecting information from the dark web and open sources, such as LinkedIn. They were able to convince MGM tech support to reset the employee’s password, allowing hackers to break into MGM’s computers and unleash destructive malware.

Russian ransomware has become such a threat that the National Security Agency’s elite cyber warriors have joined the fight. Rob Joyce, former director of cybersecurity at the NSA, said the Colonial Pipeline attack was a wake-up call, a veritable declaration of war between the Scattered Spider gang and the authorities.

Source: CBS News
