Palo Alto Networks has uncovered a new breed of cyberattacks led by groups known by names like Scattered Spider, UNC3944, or ALPHV. These hackers, believed to be young individuals from Western countries, employ advanced impersonation techniques to breach major corporations. This trend suggests that as the digital-native Gen Z enters the scene, cybercrime is poised to evolve, heralding a new era of sophisticated digital threats.
The New Mission: More Than Just Financial Gains
Fluent in English, these Gen Z hackers impersonate employees and contact company IT helpdesks to obtain login credentials. Once inside, they swiftly access and extort sensitive data. This group, known by names like Scattered Spider and UNC3944, has displayed exceptional skill in social engineering, surpassing many cybercriminals in sophistication.
Scattered Spider background: Scattered Spider, also referred to as UNC3944, Scatter Swine, or Muddled Libra, is a hacking group mostly made up of individuals aged 19 to 22. Scattered Spider is believed to be primarily made up of operatives based in both the United States and the United Kingdom. The US FBI is investigating the cybercrime organization.
These Gen Z hackers were thrust into the limelight recently for breaching the systems of two of the world’s largest gambling companies – MGM Resorts and Caesars Entertainment.
The FBI is probing these breaches, with both companies remaining silent on the culprits. Security firms, including CrowdStrike and Mandiant, have tracked numerous attacks by this group worldwide, predominantly in the U.S. They’ve targeted diverse sectors, from finance to media.
Their modus operandi is not just about the scale but their proficiency and ruthless approach. They’re swift in breaching systems, leaving threatening messages, and even resorting to tactics like SWATing, where they falsely report emergencies to send armed police to executives’ homes.
Kevin Mandia of Mandiant believes their motives revolve around power and notoriety rather than just financial gain.
Young And Impudent
Details about Scattered Spider's identity are scarce. Insights from breach investigations suggest they are young individuals, primarily from Western countries. Based on the criminals' chats with victims and clues gleaned from breach investigations, CrowdStrike's Meyers said they are largely 17 to 22 years old.
Mandiant estimates they are mainly from Western countries, but it is unclear how many people are involved. They employ tactics like 'SIM swapping' and meticulously study large organizations to target individuals with privileged access. David Bradbury of Okta observed that these hackers have extensively studied Okta's online courses and products.
Another group, ALPHV, claimed responsibility for the MGM hack, indicating a collaboration with Scattered Spider. Such partnerships are common in the cybercrime world, with ALPHV providing tools and services for Scattered Spider's operations.
The MGM hack highlighted the tangible repercussions of such cyberattacks, causing disruptions in Las Vegas. Ransomware groups continue to adapt, evolving their methods to counter the latest security measures. Whitmore of Palo Alto Networks likened Scattered Spider to another group, Lapsus$, responsible for previous hacks of Okta, Microsoft, and Uber.
In March 2022, the British police arrested seven people between the ages of 16 and 21 suspected of connections to Lapsus$.