West Midlands police, in collaboration with the Regional Organised Crime Unit for the West Midlands (ROCUWM), the National Crime Agency (NCA), and the United States Federal Bureau of Investigation (FBI), have arrested a 17-year-old boy from Walsall linked to the notorious cybercrime group known as Scattered Spider. This group is implicated in numerous high-profile ransomware attacks, including a breach at MGM Resorts in the United States.
The teen was taken into custody on suspicion of Blackmail and Computer Misuse Act offences and has been released on bail.
Scattered Spider (aka Octo Tempest, 0ktapus, Scatter Swine, and UNC3944) has been active since at least May 2022 and is known for its sophisticated social engineering attacks. These attacks often involve SMS phishing, SIM swapping, and account hijacking to gain on-premises access. The group, primarily operating through underground communities on Telegram, hacking forums, and Discord servers, has developed a reputation for its aggressive and varied tactics.
Initially, UNC3944 concentrated on credential harvesting and SIM swapping attacks. Over time, the threat actor expanded its operations to include ransomware and data theft extortion. Recently, however, the group has focused more on data theft extortion without deploying ransomware. To intimidate victims into compliance, UNC3944 has employed various tactics, including threats of doxxing personal information, physical harm, and the distribution of compromising material.
More recently, the group has shifted its focus towards data theft from software-as-a-service (SaaS) applications.