An aggressive, nebulous ring of young cybercriminals linked to a string of recent high-profile breaches is made up of approximately 1,000 people, a senior FBI official said Friday.

In remarks Friday at the cybercrime-focused Sleuthcon conference, Bryan Vorndran, assistant director of the FBI’s Cyber Division, described the group best known as Scattered Spider as a “very, very large, expansive, disbursed group of individuals,” many of whom don’t know each other directly.

Scattered Spider emanates from an online community known as “the Com.” The group is also tracked by cybersecurity firms as “0ktapus” or UNC3944, and Vorndran’s remarks provide the best number yet for the total size of the hacking crew. 

Scattered Spider has breached a who’s-who of big-name companies, including the casino giant MGM Resorts and the identity management company Okta. Made up of mostly native English speakers in the United States and the United Kingdom, Scattered Spider is classified as a top three cybersecurity threat, alongside China and Russia’s foreign intelligence agency, Vorndran said.

Scattered Spider and the broader Com excel in social engineering, including by talking their way into privileged networks by targeting help desks and other key access points. Once inside, they’ve demonstrated immense skill at moving around networks and exfiltrating data and have also shown signs of collaboration with established ransomware groups.

When members of the Com were linked to an attack last year on MGM Resorts and Caesars Entertainment that hobbled casino and hotel operations in Las Vegas, it cemented the group’s status as one of the most impactful cybercrime groups working today.

In the days after the MGM attack, researchers told CyberScoop that people in the Com form various smaller groups that sometimes work together or battle each other. Some groups advertise violence as a service — including assaults and throwing bricks through windows — and in some cases have taken to physical threats against victims to pressure them into paying extortion demands, as Microsoft reported in October 2023.

The FBI has taken heat for a seeming lack of progress in arresting Com members, some of whom are believed to be in the United States, but officials say the agency has taken non-public actions and promise more to come. In January, authorities in Florida arrested 19-year-old Noah Urban, Krebs on Security reported, a key figure in the crime ring.

The potent digital and physical threat posed by groups within the Com have some researchers calling for cybercrime to be given the same amount of attention and resources that the cybersecurity industry dedicates to combating state-aligned cyber operations, referred to as “advanced persistent threats” or APTs.

“In biasing ourselves towards APT versus e-crime, we create a false dichotomy that pushes resources, attention and support to areas that don’t always align with the greatest organizational risks,” Selena Larson, a senior threat intelligence analyst with cybersecurity firm Proofpoint, said in a talk Friday at Sleuthcon, to cheers from the audience. “Your average organization has a greater threat from cybercrime than government-backed actors.”

The post Potent youth cybercrime ring made up of 1,000 people, FBI official says appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Details of a Phone Scam

February 21, 2024 0 Comments 0 tags

First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And this

Major health care system hobbled by ‘cyber incident’

May 9, 2024 0 Comments 0 tags

Ascension, a health care system with 140 hospitals in 19 states and Washington, D.C., and tens of thousands of employees and affiliated providers, detected a “cyber security event” Wednesday that

FISA reauthorization heads to Biden’s desk after Senate passage

April 20, 2024 0 Comments 0 tags

Legislation to extend potent surveillance authorities won the precise number of votes it needed for passage early Saturday, sending the bill to the president for a signature after a midnight