🐙

0ktapus

Aliases

ScatterSwine, UNC3944 (Mandiant), Octo Tempest (MSFT), Storm-0875 (MSFT), Scattered Spider, Muddled Libra (Unit42), LUCR-3 (Permiso)

Tags

ExtortionistRansomOps

Attribution

💰Cybercrime

Incidents

Twilio incident SIM swapping to serial port abuse Scattered Spider Azure Run abuse Muddled Libra campaigns (2024)Scattered Spider SaaS targeting (2023)Scattered Spider SaaS targeting (2024)Ransomware operators exploit ESXi vulnerability Scattered Spider Abuses Cloud Management Agent Scattered Spider targeting Azure environment Scattered Spider targeting GCP environment Scattered Spider abuses Cloud Management Agent to establish persistence

References

https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/https://blog.sekoia.io/scattered-spider-laying-new-eggs/https://blog.eclecticiq.com/ransomware-in-the-cloud-scattered-spider-targeting-insurance-and-financial-industries

Last edited

Oct 14, 2024 12:57 PM

Status

Finalized

Cloud-fluent

The 0ktapus cyber group, also known by aliases such as ScatterSwine, UNC3944, Scattered Spider, and Muddled Libra, is a cybercrime group known for its phishing campaigns and credential theft operations. The group gained particular notoriety for targeting organizations primarily in the United States across various sectors, aiming to steal credentials that could grant them access to victim networks and resources. Their tactics often involve the use of SMS phishing (smishing) and voice phishing (vishing) to deceive employees into revealing their login details, particularly focusing on circumventing multi-factor authentication mechanisms.

One of their most significant campaigns involved attempting to compromise the Okta identity and access management services used by companies to manage user authentication and access permissions. By gaining access to such systems, the group could potentially have wide-ranging access to multiple platforms and sensitive data belonging to the compromised organization.