Scattered Spider hackers return to hit more victims – despite retirement claims

By Sead Fadilpašić

Copyright techradar

18 September 2025

The group said it would “go dark” – but it’s still hitting targets

Scattered Spider gang has resumed attacks, targeting a US bank despite claiming to go dark
Hackers used vishing and Okta-themed phishing to bypass MFA and exfiltrate sensitive data
Group linked to major breaches, including Salesforce leak affecting over 700 companies

It seems retirement doesn’t suit Scattered Spider, as the infamous threat actor has been observed targeting banking organizations in the US, despite claims it was “going dark”.

Security researchers ReliaQuest have published a new report claiming to have seen evidence of new activity by the hackers.
Among the evidence are multiple lookalike domains linked to the fintech vertical, as well as a victim – a US banking organization.

Social engineering
To breach the target organization, Scattered Spider apparently went for vishing (voice phishing). The group would call employees on the phone, impersonate IT staff and convince them to authorize access to malicious “connected apps”.

These apps, seemingly benign (spoofing Salesforce, or similar), allowed the miscreants to exfiltrate sensitive business data. To steal the login credentials, the attackers used Okta-themed phishing pages, successfully bypassing security controls such as multi-factor authentication.
“Scattered Spider gained initial access by socially engineering an executive’s account and resetting their password via Azure Active Directory Self-Service Password Management,” ReliaQuest said in the report.
“From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network.”

Scattered Spider is one of the three groups that are allegedly behind the breaches at Jaguar Land Rover (JLR), Marks & Spencer, The Co-op, Harrods, and many others.
Recently, the group announced it was “going dark” – and some researchers believe the hackers fear a response from law enforcement, while others think this could be an easy way to rebrand or pivot.
It could be both, though. Scattered Spider is also being linked to the large Salesforce / Salesdrift data leak, which seems to have affected more than 700 companies. If these claims turn out to be authentic, this would be one of the biggest breaches in recent history and, as such, would definitely draw the attention of the FBI, and possibly even the NSA.
Via The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
