Scattered Spider expands its roster of tactics in recent hacks
Microsoft on Wednesday said it has seen the cybercrime group Scattered Spider using new techniques in attacks on the airline, insurance and retail industries since April.
The hacker group, which Microsoft tracks as Octo Tempest, is still using its trademark social-engineering tactics to gain access to companies by impersonating users and contacting help desks for password resets, according to the Microsoft Defender Security Research Team blog post.
But the hackers are also abusing short messaging services and using adversary-in-the-middle tactics. And in recent attacks, the threat group has deployed the DragonForce ransomware and concentrated on breaching VMware ESX hypervisor environments.
While Scattered Spider previously used cloud identity privileges to gain access to on-premises networks, they have recently begun targeting on-premises environments and infrastructure first before transitioning to cloud access, according to Microsoft’s blog post.
Researchers have linked Scattered Spider to a wave of attacks against U.K. and U.S. retailers over the past few months. More recently, experts say the group also has been behind a wave of attacks on insurance companies, airlines and other businesses.