Microsoft: Scattered Spider Widens Web With RansomHub & Qilin

  /     /     /  
Publicated : 23/11/2024   Category : security

Microsoft: Scattered Spider Widens Web With RansomHub & Qilin


The gang already uses varied tools in its attacks, such as phishing, SIM swapping, and MFA fatigue.


Octo Tempest, a threat actor
also known as Scattered Spider,
has added RansomHub and Qilin to its repository for use in attacks,
Microsofts Threat Intelligence Team
is warning.
The gang, which first arrived on the scene in 2022, is known for its social engineering techniques, which Microsoft describes as sophisticated, as well as identity compromises, targeting of VMware ESXi servers, and deployment of BlackCat ransomware. It was also infamously behind the massive
ransomware attacks on Caesars Palace and MGM Entertainment
last year.
Other tactics, techniques, and procedures (TTPs) the group is known to use include impersonating IT employees to deceive company staff into providing credentials or gaining persistence using remote access tools, as well as phishing, MFA bombing, and SIM swapping.
Qilin ransomware also surfaced in 2022 under a different name, Agenda, but quickly rebranded. The group is known to have targeted and claimed more than 130 companies, demanding ransoms from as low as $25,000 and well into millions, and is developing a customizable Linux encryptor to target VMware ESXi servers, according to Microsoft.
RansomHub,
meanwhile, is a ransomware-as-a-service (RaaS) offering that is becoming increasingly favored by threat actors, making it one of the most widespread ransomware families today, the tech giant said via X.
Octo Tempest accounts for a significant number of the investigations that the Microsoft team covers, it said, and has dominated incident response engagements it has received since first gaining attention through its
oktapus campaign
, which targeted over 130 well-known organizations.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Microsoft: Scattered Spider Widens Web With RansomHub & Qilin