The risk actor often known as Scattered Spider seems to have shifted its focus from the retail sector to insurance coverage firms, in accordance with a warning from Google’s Menace Intelligence Group.
Scattered Spider, tracked by Google and Mandiant as UNC3944, has been round for a number of years. Its actions have apparently been paused at instances, significantly following regulation enforcement actions, however the hackers at the moment are as soon as once more extremely lively.
The risk group is thought for using refined social engineering ways, and its present focus seems to be on ransomware and knowledge theft extortion.
After the latest assaults focusing on main UK retailers Co-op, Harrods and M&S had been linked to Scattered Spider — and a probably affiliated ransomware group named DragonForce — Google warned that the hackers had turned their consideration to retailers in the US.
Now, roughly one month later, the tech large has issued a contemporary warning after its Menace Intelligence Group grew to become conscious of a number of assaults in opposition to the US insurance coverage trade that seem to have been carried out by Scattered Spider.
“Given this actor’s historical past of specializing in a sector at a time, the insurance coverage trade needs to be on excessive alert, particularly for social engineering schemes which goal their assist desks and name facilities,” mentioned John Hultquist, chief analyst at Google Menace Intelligence Group.
Google has not shared extra particulars on these new assaults, however pointed to steering it printed final month to assist organizations defend in opposition to Scattered Spider assaults.
It’s unclear which firms have been focused by Scattered Spider within the newest marketing campaign.Commercial. Scroll to proceed studying.
One in all them could possibly be Erie Insurance coverage, a Pennsylvania-based insurance coverage firm that detected a cybersecurity breach on June 7. Erie has been sharing updates in regards to the influence of the incident, but it surely’s nonetheless unclear who was behind the assault.
SecurityWeek has reached out to Erie Insurance coverage for remark and can replace this text if the corporate responds.
Associated: Anubis Ransomware Packs a Wiper to Completely Delete Recordsdata
Associated: Delicate Data Stolen in Sensata Ransomware Assault
Associated: FBI Conscious of 900 Organizations Hit by Play Ransomware
Associated: Cyber Insights 2025: Cyberinsurance – The Debate Continues
