The infamous cybercrime teams Scattered Spider and ShinyHunters declare they’re retiring, however the cybersecurity trade is skeptical and believes the hackers will proceed to be energetic.
Scattered Spider has been round for a number of years and it lately made many headlines for focusing on the retail, insurance coverage, and aviation industries. The menace group has additionally been within the highlight for its widespread Salesforce hacking marketing campaign, which impacted main corporations reminiscent of Google.
A number of people with alleged ties to Scattered Spider have been arrested, charged and sentenced over the previous yr.
A few of the current assaults attributed to Scattered Spider additionally seem to have concerned ShinyHunters, a cybercrime group specializing in extortion. The 2 teams are believed to have merged.
In a message posted on-line final week, Scattered Spider and ShinyHunters introduced their retirement. A prolonged manifesto mentions current high-profile hacks and taunts legislation enforcement. “Our targets having been fulfilled, it’s now time to say goodbye,” the hackers mentioned.
Nonetheless, the cybersecurity trade doubts that the cybercriminals will utterly retire. SecurityWeek has heard from a number of trade professionals and most of them have urged organizations to not let their guard down.
It’s not unusual for high-profile menace teams to make false claims about retiring, significantly when stress from legislation enforcement is increase.
“Again in 2019 the GandCrab crew introduced they had been retiring after incomes greater than $2bn, that they had cashed out and stop the enterprise,” mentioned James Maude, discipline CTO at BeyondTrust. “Just a few months later REvil ransomware appeared bearing all of the hallmarks of the GandCrab crew main many to the conclusion that that they had really rebranded fairly than retired.” Commercial. Scroll to proceed studying.
“With these teams specifically they don’t seem to be organized in the identical manner as earlier menace actors and are a much more loosely related group of people that may be much more more likely to disband and reform in new teams than really retire,” Maude added.
Menace intelligence agency KELA identified that Scattered Spider and ShinyHunters posted an identical retirement assertion on Telegram on August 18, asserting the deletion of their Telegram channel, solely to create a brand new channel on August 28.
“This time, regardless of declaring their retirement a few week in the past, they haven’t deleted their channel and have continued posting, together with sharing FBI reporting about them,” KELA informed SecurityWeek.
Cian Heasley, principal marketing consultant at Acumen Cyber, believes the cybercriminals “are shopping for some respiration time, panicking about the specter of jail, and arguing behind the scenes about how a lot bother they’re really in and the should be cautious.”
The cybercriminals’ farewell message notes that even when they are going to be talked about in new knowledge breach disclosures, these would be the results of their previous assaults and shouldn’t be seen as an indication that they’re nonetheless energetic. Alternatively, the hackers mentioned “we’ve got determined that silence will now be our energy”.
“The assertion about ‘silence being their energy’ may sign a shift in technique—maybe transferring towards quieter, extra focused assaults or promoting their experience to different teams,” mentioned Casey Ellis, founder at Bugcrowd. “It’s attainable that some members will transition into different types of cybercrime, like hacking-for-hire or fraud.”
Palo Alto Networks SVP Sam Rubin has highlighted a few of the dangers that stay even when public Scattered Spider operations are paused. “Stolen knowledge can resurface, undetected backdoors could persist, and actors could re-emerge below new names,” Rubin mentioned. “Silence from a menace group doesn’t equal security. Organizations should keep vigilant and function below the idea that the menace has not disappeared, solely tailored.”
Nivedita Murthy, senior employees marketing consultant at Black Duck famous, “It may very well be attainable that a few of these teams could have determined to step again and luxuriate in their payday, nevertheless it doesn’t cease copycat teams from rising up and taking their place”.
BeyondTrust’s Maude agrees, declaring that “even when some members of the group are retiring, spending their days cashing out ill-gotten cryptocurrency within the Caribbean, the amount of cash accessible from cybercrime will be sure that any void is shortly stuffed.”
Associated: Scattered Spider Exercise Drops Following Arrests, however Others Adopting Group’s Ways
Associated: US Presents $10 Million Reward for Ukrainian Ransomware Operator
