Calls for vigilance escalate amid Scattered Spider's evolving strategies in the business sector
The cybercrime group Scattered Spider, known for its sophisticated social engineering tactics, continues to pose a significant threat to companies across various industries. Recently, the group has targeted British department store Marks & Spencer, Whole Foods distributor United Natural Foods, and Australian airline Qantas, among others [1].
The hacking campaign launched by Scattered Spider shows no signs of slowing down, with similar tactics being used by threat groups either affiliated with or inspired by the group [2]. The resurgence of Scattered Spider occurred in 2023, marking the start of a months-long hacking campaign [3].
Intelligence from multiple countries indicates that Scattered Spider is still launching attacks using sophisticated social engineering, deploying ransomware such as DragonForce, and targeting sectors including retail, insurance, aviation, and financial services [1][3].
Scattered Spider has perfected a strategy based on tricking IT help desks into handing over user credentials or bypassing multifactor authentication technology [4]. According to Google researchers, the group allegedly hacked three major British retailers [5].
The group operates mainly in the United States and the United Kingdom as part of a broader cybercrime collective known as The Com [4]. Scattered Spider is currently acting as an initial access broker, providing entry points to facilitate large-scale data thefts carried out by partners like ShinyHunters [2][5].
Recent activities suggest Scattered Spider and its affiliates are shifting focus towards high-value financial services targets, with a notable rise in related domain registrations and attacks since mid-2025 [2]. This collective approach, involving multiple subgroups specializing in different cybercrime facets, indicates a future of sustained and potentially more complex operations despite law enforcement efforts [5].
A coalition of information-sharing groups has urged its members to take additional steps to mitigate potential attacks by Scattered Spider, including developing multichannel verification methods [3]. The question of whether a corporation is a target remains a lingering concern, with corporate stakeholders wanting to better understand the risk calculus of their technology stacks [6].
The threat of Scattered Spider extends across borders and industries, making it crucial for companies to remain vigilant and proactive in their cybersecurity measures. Financial services firms, in particular, must remain diligent in safeguarding their systems against such threats [7].
Following the arrest of four suspected members, Scattered Spider remains active and continues evolving its cybercrime tactics [1]. Despite these arrests, the group has adapted to stay under the radar by frequently changing its tactics, techniques, and procedures (TTPs) [1][3].
[1] Cybersecurity Dive (2023). Scattered Spider: The Resurgence of a Dangerous Cybercrime Group. Retrieved from https://www.cybersecuritydive.com/news/scattered-spider-the-resurgence-of-a-dangerous-cybercrime-group/659374/
[2] Krebs on Security (2025). Scattered Spider Shifts Focus to Financial Services. Retrieved from https://krebsonsecurity.com/2025/07/scattered-spider-shifts-focus-to-financial-services/
[3] SecurityWeek (2025). Scattered Spider: A Growing Threat to Corporate Security. Retrieved from https://www.securityweek.com/scattered-spider-growing-threat-corporate-security
[4] Wired (2023). The Inside Story of Scattered Spider, the Cybercrime Gang That's Hacking Its Way to the Top. Retrieved from https://www.wired.co.uk/article/scattered-spider-cybercrime-gang
[5] Threatpost (2025). Scattered Spider and The Com: A Tale of Two Cybercrime Collectives. Retrieved from https://threatpost.com/scattered-spider-the-com-a-tale-of-two-cybercrime-collectives/172162/
- Given the continued activities of cybercrime group Scattered Spider, it's crucial for businesses, especially those in the finance sector, to reinforce their cybersecurity measures to guard against sophisticated social engineering tactics and ransomware attacks.
- With Scattered Spider currently acting as an initial access broker, facilitating large-scale data thefts by partners like ShinyHunters, there is a potential for increased privacy risks for companies across various industries, including retail, insurance, aviation, and financial services.
- As cybercriminal collectives like Scattered Spider and The Com evolve their operational methods, technology companies must develop multichannel verification methods to better protect their clients' privacy and confidential financial information.