Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

Scattered Spider’s Structure More Like a Cybercrime Collective

July 7, 2026

Ctrl Wallet to shut weeks after security exploit

July 7, 2026

Analysts see more upside for SpaceX as post-IPO research begins

July 7, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»Scattered Spider’s Structure More Like a Cybercrime Collective
Scattered Spider’s Structure More Like a Cybercrime Collective
Security

Scattered Spider’s Structure More Like a Cybercrime Collective

July 7, 2026No Comments3 Mins Read

Scattered Spider has been reclassified as a decentralized cybercrime collective composed of independent clusters rather than a single, organized threat group.

Group-IB analysis, published on June 7, challenges the traditional view of the activity as one coordinated operation, arguing that multiple actors share tactics, tools and communities while operating separately.

The firm said this model helps explain why activity attributed to Scattered Spider has continued despite arrests and disruption efforts targeting some alleged members.

The group, also tracked under names including 0ktapus, Muddled Libra, Octo Tempest and UNC3944 by different security vendors, has been linked to several high-profile incidents since 2022.

Read more on Scattered Spider attacks: Alleged Scattered Spider Member Extradited to US

A Collective Connected by Tactics Rather Than Structure

Group-IB’s research argued that Scattered Spider does not operate with a central hierarchy or shared leadership structure. Instead, the firm described it as a set of smaller clusters connected through common techniques, tools and online communities.

The analysis compared the structure to that of the Anonymous hacktivist collective, in which separate groups operate under a shared identity without necessarily coordinating directly.

The report also said that some activity previously attributed to Scattered Spider may have been carried out by unrelated actors.

Group-IB specifically distinguished its 0ktapus tracking from the cluster linked to the Marks & Spencer and Co-op attacks, stating there is no evidence they were operated by the same individuals.

The firm identified several recurring targeting patterns across observed clusters, including:

  • Employees at technology and communications companies used as access points

  • Mobile carrier staff targeted for SIM swapping operations

  • Cryptocurrency users targeted through fraud campaigns

  • Enterprises compromised for extortion and ransomware activity

See also  Radiant Capital to Shut Down After Failing to Recover From $53 Million Hack

Social Engineering Remains Central to Operations

Despite differences between clusters, Group-IB found that social engineering remains a common thread across Scattered Spider activity. Attackers frequently impersonate IT, security or human resources teams to persuade employees to provide credentials or access.

The research found that attackers commonly use phishing pages impersonating identity providers, including Okta, Microsoft, Citrix and Google.

Group-IB also observed some clusters combining enterprise compromises with cryptocurrency theft operations. Attackers used stolen credentials, SIM swaps and phishing campaigns to target cryptocurrency users while also compromising organizations to gather intelligence on potential victims.

The report noted that some clusters have also used commercial remote access tools such as AnyDesk and recruited insiders at telecommunications companies to assist with unauthorized access.

Group-IB concluded that Scattered Spider’s decentralized nature means arrests targeting individual members are unlikely to eliminate the broader threat. 

Instead, organizations should focus on defending against the shared tactics used across clusters, particularly identity-based attacks and social engineering attempts.

Source link

Collective Cybercrime Scattered Spiders structure

Related Posts

Ctrl Wallet to shut weeks after security exploit

July 7, 2026

HYPE Airdrop Scam Drains $12,300 From HyperSwap Wallet in 84 Seconds

July 7, 2026

SecondFi won’t reopen after Cardano wallet breach

July 7, 2026

One of the Most Popular Memecoins Has Been Hacked – The Loss Is Significant

July 7, 2026
Top Posts

Why Was It So Hard For Elite Universities To Condemn Hamas Terrorism?

October 21, 2023

Oscar Health: Decreasing Memberships Is Worrying

September 24, 2023

MetaMask Banned From the App Store (For Like, an Hour – Give or Take)

October 16, 2023

Type above and press Enter to search. Press Esc to cancel.