By Sead Fadilpašić
Copyright techradar
Scattered Spider hackers return to hit more victims – despite retirement claims
Sead Fadilpašić
18 September 2025
The group said it would “go dark” – but it’s still hitting targets
Scattered Spider gang has resumed attacks, targeting a US bank despite claiming to go dark
Hackers used vishing and Okta-themed phishing to bypass MFA and exfiltrate sensitive data
Group linked to major breaches, including Salesforce leak affecting over 700 companies
It seems retirement doesn’t suit Scattered Spider, as the infamous threat actor has been observed targeting banking organizations in the US, despite claims it was “going dark”.
Security researchers ReliaQuest have published a new report claiming to have seen evidence of new activity by the hackers.
Among the evidence are multiple lookalike domains linked to the fintech vertical, as well as a victim – a US banking organization.
Social engineering
To breach the target organization, Scattered Spider apparently went for vishing (voice phishing). The group would call employees on the phone, impersonate IT staff and convince them to authorize access to malicious “connected apps”.
These apps, seemingly benign (spoofing Salesforce, or similar), allowed the miscreants to exfiltrate sensitive business data. To steal the login credentials, the attackers used Okta-themed phishing pages, successfully bypassing security controls such as multi-factor authentication.
“Scattered Spider gained initial access by socially engineering an executive’s account and resetting their password via Azure Active Directory Self-Service Password Management,” it said in the report.
“From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network.”
Scattered Spider is one of the three groups that are allegedly behind the breaches at Jaguar Land Rover (JLR), Marks & Spencer, The Co-op, Harrods, and many others.
Recently, the group announced it was “going dark” – and some researchers believe the hackers fear a response from law enforcement, while others think this could be an easy way to rebrand or pivot.
It could be both, though. Scattered Spider is also being linked to the large Salesforce / Salesloft Drift data leak, which seems to have affected more than 700 companies. If these claims turn out to be authentic, this would be one of the biggest breaches in recent history and, as such, would definitely draw the attention of the FBI, and possibly even the NSA.
Via The Hacker News
Sead Fadilpašić
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.