Scattered Spider gang feigns retirement, breaks into bank • The Register
Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.

In an update to an earlier threat intelligence report about ShinyHunters' string of Salesforce-related heists, along with that crime crew's collab with Scattered Spider, ReliaQuest researchers said that their recently uncovered evidence suggests that Scattered Spider didn't go dark after all.

"In our original investigation, posted on August 12, 2025, ReliaQuest predicted that the Scattered Spider hacking collective, linked to ShinyHunters, would soon shift their focus to the financial sector," the infosec analysts wrote.

"ReliaQuest has now observed this targeting in action, marked by an increase in domains potentially linked to the group focusing on the finance sector, as well as a recently identified targeted intrusion against a US banking organization," the Monday update continued.

The criminals gained initial access in their usual manner: social engineering an executive's account and resetting the password via Microsoft Entra ID (formerly Azure Active Directory) self-service password reset.

Then they used this access to snoop through sensitive IT and security documents and move laterally through the bank's Citrix environment and VPN. As they have done in other intrusions, Scattered Spider also compromised VMware ESXi infrastructure to dump employee credentials and further infiltrate the financial org's network.

"To escalate privileges, the attacker reset a Veeam service account password, assigned Azure Global Administrator permissions, and relocated virtual machines to evade detection," ReliaQuest added. "Evidence also points to attempted data exfiltration from Snowflake, AWS, and other repositories, underscoring their intent to extract sensitive information."

Plus, this bank break-in happened after Scattered Spider and other ransomware slingers said they were getting out of the business. "Despite these claims, their TTPs and IOCs are still surfacing, showing that the threat remains active and evolving," the threat hunters noted.

Of course, they wouldn't be the first group to pull an exit scam: remember ALPHV/BlackCat after the Change Healthcare attack last year? And Scattered Spider seemingly took a break from its criminal operations for a stint following its high-profile casino heists in 2023, which put a huge target on these criminals' collective backs and led to the arrests of at least seven of its members.

Plus, as Rex Booth, chief information security officer at identity-focused security shop SailPoint, told The Register, ultimately whether one group of criminals retires or not doesn't really matter to the victims.

"Ransomware and digital crime are opportunity driven, and if one gang steps aside, a new one will eagerly take their place," Booth said. "We need to focus on prevention more than personalities."

The Register: Biting the hand that feeds IT
Copyright. All rights reserved 1998–2025