Administered by:
Ambassador #scatteredspider
"Breaking News:" The Scattered Spider kids seem to have opened their own channel on Telegram. Rude, crude, and leaking data already. Some of the redacted screenshots they have posted suggest that they may have had victims that we did not know about already.
(exclusive):
ShinyHunters sent Google an extortion demand; Shiny comments on current activities
In a long chat yesterday, Shiny touched on Google, France, Australia and the Qantas injunction, and the NSA's alleged attempts at voice analysis:
#ShinyHunters #ScatteredSpider #Salesforce #Google #LVMH #Qantas
@campuscodi @lawrenceabrams @zackwhittaker @euroinfosec @kevincollier
Are Scattered Spider and ShinyHunters one group or two? And who did France arrest?
It's been a wild weekend here trying to sort out the relationship between #ShinyHunters and #ScatteredSpider. And then, to really blow my mind, I heard from the leader of ShinyHunters (or someone claiming to be him) and no, he's not in prison in France.
If I was trolled, it's absolutely an amazingly good troll. But see what you think.
HOT OFF THE PRESS:
Joint CISA Advisory on Scattered Spider
Fresh IOCs and TTPs included.
Scattered Spider has been BUSY. Go update your blocks.
#UK Charges Four in ‘Scattered Spider’ #Ransom Group
Authorities in the #UnitedKingdom this week arrested four alleged members of “Scattered Spider,” a prolific data theft and #extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
#privacy #scatteredspider
https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/
@briankrebs i've seen some IR figures get squirrely about the name. some argue Scattered Spider is a loose confederation, others an attack methodology. i don't have a strong opinion on that but i've seen the absolute bedlam these crews drop everywhere they go. #infosec #scatteredSpider
Three teenage males and a young woman hauled away by cops, suspected of hacking huge retailers.
Four youngsters are in custody today, alleged to be the notorious #ScatteredSpider hackers (or at least, some of them). The “loose affiliation” of hackers is suspected of badly disrupting operations at three large retail chains since April.
The four are innocent until proven guilty. In #SBBlogwatch, we channel Sir William Garrow.
@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/07/arrests-scattered-spider-richixbw/
Even more arrests! Reuters reports:
Four people have been arrested as part of a police investigation into cyberattacks that disrupted the operations of retailers Marks & Spencer, the Co-op and Harrods, Britain's National Crime Agency said.
The cyberattack on M&S was the most serious, costing it about 300 million pounds ($409 million) in lost operating profit.
The NCA said two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands, central England, and London on Thursday on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.
M&S head Archie Norman won’t say if he authorized #DragonForce #ransomware hacker payday.
British shopping titan M&S is still dealing with the mess caused by April’s #ransomware attack. There’s at least three months more work ahead says the firm’s chairman, Archie Norman (pictured).
But there are persistent rumors M&S paid #ScatteredSpider’s ransom demand. In #SBBlogwatch, Norman will neither confirm nor deny.
@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/07/marks-spencer-archie-norman-ransom-richixbw/
A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now
https://www.wired.com/story/scattered-spider-most-imminent-threat/
A Group of Young #Cybercriminals Poses the ‘Most Imminent Threat’ of #Cyberattacks Right Now
The #ScatteredSpider #hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense.
#security #privacy
https://www.wired.com/story/scattered-spider-most-imminent-threat/
Scattered Spider hackers are now targeting aviation and transport by posing as trusted insiders—imagine getting a call from "IT support" that isn’t really IT support. How deep does their deception go?
#scatteredspider
#cybersecurity
#socialengineering
#aviationsecurity
#transportationsecurity
As expected, more details are emerging in other news outlets about the arrest of #ShinyHunters.
One detail I noted is that ShinyHunters is suspected of being responsible for the attacks on #LVMH, which is the high-end brand associated with Tiffany and Dior, who both reported breaches this year. Although there had been some speculation that #ScatteredSpider might be responsible for those breaches, it appears that ShinyHunters was allegedly responsible.
There have been a number of hacks this year where it is not clear -- in the absence of law enforcement confirmation -- whether a #databreach has been by Scattered Spider or ShinyHunters, or whether they have collaborated with one doing the hacking and the other doing the extortion. I predict in weeks/months to come, we will be given a pretty big list of big hacks that ShinyHunters has been involved in this year.
As I reported in my coverage of the PowerSchool hack and prosecution of Matthew Lane, ShinyHunters' name has been linked to that one, too, but was not named as a co-conspirator.
This is where I should write "This is a developing story..." huh?
Aflac notifies SEC of breach suspected to be work of Scattered Spider:
They're the third U.S. insurer breach we know about this month.
We were warned this would happen. And now here we are.
United Natural Foods ($UNFI) has had to switch off systems after a cyberattack, crippling its operations. This is a huge deal, because #UNFI is a big part of the grocery distribution network in the U.S. and Canada.
Once again, it looks like the work of #UNC3944, a/k/a #ScatteredSpider. In #SBBlogwatch, we hoard canned goods.
@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/06/united-natural-foods-hack-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc