
"The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk."
"The actors are aggressive, creative, and particularly skilled at using social engineering to bypass even mature security programs. Their attacks are precise, campaign-driven operations aimed at critical systems and data."
Scattered Spider, a cybercrime group, is targeting VMware ESXi hypervisors across the retail, airline, and transportation sectors in North America. The group's tactics rely on social engineering rather than software exploits, primarily phone calls to IT help desks. Known for their creativity and aggression, they conduct operations aimed at critical systems and data. Their attack methodology proceeds from initial compromise through reconnaissance and privilege escalation, and then uses Active Directory to access the VMware vSphere environment. This approach enables effective data exfiltration and ransomware deployment while evading security tools.
Read at The Hacker News