iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The FBI has been pursuing hackers from the infamous Scattered Spider threat group, hoping to charge them for their high-profile cyber attacks.
Scattered Spider, a unique group believed to be largely made up of individuals from the US and the UK, was founded in May 2022 and first made waves in 2023 for hacking two of the largest casinos in the US – Caesars Entertainment and MGM Resorts, the latter of which it collaborated with ALPHV (BlackCat).
In both attacks, Scattered Spider was able to bypass multifactor authentication (MFA) through the use of social engineering techniques to steal credentials.
In the cases of these attacks, Caesars forked out roughly US$15 million in ransom payments.
Now, speaking with Reuters, the FBI has said it is seeking to charge the hackers behind the attacks.
"We are working towards charging individuals where we can with criminal conduct, in this case, largely around the Computer Fraud and Abuse Act,” FBI cyber deputy assistant director Brett Leatherman said in an interview with Reuters.
The FBI has had its eye on Scattered Spider since its origin in 2022, noting that it is particularly aggressive compared to other threat groups, threatening physical violence in some of its chats.
Additionally, it has shown particular capabilities in stealing IT helpdesk identities in order to breach networks.
Leatherman also noted the uniqueness of the Scattered Spider hackers working with ALPHV, a Russian group.
“Often, we don’t see that mingling of geographical hackers working together outside the confines of like hacktivism, for example,” he said.
The group’s high number of aggressive and high-profile cyber attacks has attracted criticism at the lack of response from law enforcement, particularly as the group is US- and UK-based.
So far, only one individual known to be a Scattered Spider member has been arrested, Florida-based Noah Urban, 19, who was charged with wire fraud.
However, Leatherman said the FBI was working with private security firms to gather information on the group.
“This is an incredibly important group for us to continue to look at disruption opportunities for,” he said.
“We have a certain burden of proof we have to meet to conduct law enforcement operations. And we are heading in that direction as quickly as we can.”
Leatherman said that some of the members are juveniles but that the use of state and local laws to bring them down has been “historically very, very effective”.
Be the first to hear the latest developments in the cyber industry.
