Scattered Spider Tied to Fresh Attacks on Financial Services - DataBreaches.Net
Briefly

"A member of the band of native English-speaking adolescent hackers lately calling itself Scattered Lapsus$ Hunters published Friday a semi-coherent screed proclaiming the collective would be "going dark." Many cybersecurity experts responded with skepticism. Evidence suggests that at least some members of the loose-knit hacking collective are continuing to hit targets. Threat intelligence firm ReliaQuest said it's still seeing known indicators of compromise tied to Scattered Spider."
"The firm said a U.S. banking organization - it didn't name which one - fell victim to a technically sophisticated Scattered Spider attack that occurred after the retirement announcement. "Scattered Spider gained initial access by socially engineering an executive's account and resetting their password via Azure Active Directory Self-Service Password Management. From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network," ReliaQuest said."
Scattered Lapsus$ Hunters, identifying as Scattered Spider, announced it would "go dark," but cybersecurity experts remained skeptical. ReliaQuest continues to observe indicators of compromise tied to Scattered Spider and reported a post-announcement, technically sophisticated attack on a U.S. banking organization. The attacker attempted to steal data from multiple repositories, including AWS and Snowflake accounts. Initial access was gained by socially engineering an executive and resetting a password via Azure AD self-service; the intruder accessed IT and security documents, moved laterally through Citrix and VPN, and compromised VMware ESXi to dump credentials and deepen infiltration. Evidence indicates some members are still active.
Read at DataBreaches.Net