22 July 2024

Teenage member of Scattered Spider cybercrime group arrested in the UK


West Midlands Police, in collaboration with the Regional Organised Crime Unit for the West Midlands (ROCUWM), the National Crime Agency (NCA), and the United States Federal Bureau of Investigation (FBI), have arrested a 17-year-old boy from Walsall linked to the notorious cybercrime group known as Scattered Spider. This group is implicated in numerous high-profile ransomware attacks, including a breach at MGM Resorts in the United States.

The teen was taken into custody on suspicion of Blackmail and Computer Misuse Act offences and has been released on bail.

Scattered Spider (aka Octo Tempest, 0ktapus, Scatter Swine, and UNC3944) has been active since at least May 2022 and is known for its sophisticated social engineering attacks. These attacks often involve SMS phishing, SIM swapping, and account hijacking to gain on-premises access. The group, primarily operating through underground communities on Telegram, hacking forums, and Discord servers, has developed a reputation for its aggressive and varied tactics.

Initially, UNC3944 concentrated on credential harvesting and SIM swapping attacks. Over time, the threat actor expanded its operations to include ransomware and data theft extortion. Recently, however, the group has focused more on data theft extortion without deploying ransomware. To intimidate victims into compliance, UNC3944 has employed various tactics, including threats of doxxing personal information, physical harm, and the distribution of compromising material.

More recently, the group has shifted its focus towards data theft from software-as-a-service (SaaS) applications.

