The Register reports:
The call came into the help desk at a large US retailer. An employee had been locked out of their corporate accounts.
But the caller wasn’t actually a company employee. He was a Scattered Spider criminal trying to break into the retailer’s systems – and he was really good, according to Jon DiMaggio, a former NSA analyst who now works as a chief security strategist at Analyst1.
Scattered Spider is a cyber gang linked to SIM swapping, fake IT calls, and ransomware crews like ALPHV. They’ve breached big names like MGM and Caesars, and despite arrests, keep evolving. They’re tracked by Mandiant as UNC3944, also known as Octo Tempest.
DiMaggio listened in on this call, which was one of the group’s recent attempts to infiltrate American retail organizations after hitting multiple UK-based shops. He won’t name the company, other than to say it’s a “big US retail organization.” This attempt did not end with a successful ransomware infection or stolen data.
“But I got to listen to the phone calls, and those guys are good,” DiMaggio told The Register. “It sounded legit, and they had information to make them sound like real employees.”
Read more at The Register.
