FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group

by Esmeralda McKenzie

In recent months, the Scattered Spider hacking group (aka Starfraud, UNC3944, Scatter Swine, and Muddled Libra) has made headlines for allegedly attacking the following casino giants:

  • MGM Resorts
  • Caesars Entertainment

The FBI and CISA recently issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.

FBI Tactics & Techniques

The latest advisory from the FBI and CISA details recent TTPs, current as of November 2023, used by Scattered Spider, a sophisticated hacking group that targets large companies.

While this threat group, Scattered Spider, is known for data theft and for deploying BlackCat/ALPHV ransomware, the agencies urge critical infrastructure organizations to implement the recommended mitigations.

In addition, the Scattered Spider group is adept at social engineering and uses several social engineering techniques, such as:

  • Phishing attacks
  • Push bombing attacks
  • Subscriber identity module (SIM) swap attacks

Using these attacks, the actors obtain credentials and then install remote access tools on the targeted system to bypass Multi-Factor Authentication (MFA).

The FBI notes that Scattered Spider uses legitimate remote access tools once it has gained access to the network.

The advisory reflects the U.S. government's push against ransomware gangs, urging more victims to come forward so that collective intelligence can better identify and counter threats.

TTPs used

Below are the TTPs that the Scattered Spider group uses:

Tools used:

  • Fleetdeck.io – Enables remote monitoring and management of systems.
  • Level.io – Enables remote monitoring and management of systems.
  • Mimikatz [S0002] – Extracts credentials from a system.
  • Ngrok [S0508] – Enables remote access to a local web server by tunneling over the internet.
  • Pulseway – Enables remote monitoring and management of systems.
  • Screenconnect – Enables remote connections to network devices for management.
  • Splashtop – Enables remote connections to network devices for management.
  • Tactical.RMM – Enables remote monitoring and management of systems.
  • Tailscale – Provides virtual private networks (VPNs) to secure network communications.
  • Teamviewer – Enables remote connections to network devices for management.

Malware used:

  • AveMaria (also known as WarZone [S0670]) – Enables remote access to a victim's systems.
  • Raccoon Stealer – Steals information including login credentials [TA0006], browser history [T1217], cookies [T1539], and other data.
  • VIDAR Stealer – Steals information including login credentials, browser history, cookies, and other data.

Domains used:

  • victimname-sso[.]com
  • victimname-servicedesk[.]com
  • victimname-okta[.]com
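The tool list and the lookalike-domain pattern above are both things a defender can hunt for in existing telemetry. The following is an added example, not code from the advisory or from the original post: it scans constructed DNS-query and process-execution log lines for the "victimname-sso / -servicedesk / -okta" domain pattern and for the remote-access, tunnelling and credential tools the advisory names. The organisation name `examplecorp`, the approved-tool set, and the log line format are all assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed defender-side values: the organisation's own name(s) and the approved remote tools.
ORG_NAMES = ("examplecorp",)
APPROVED_TOOLS = {"screenconnect"}
# Lookalike pattern from the advisory: <victimname>-sso / -servicedesk / -okta
LOOKALIKE_SUFFIXES = ("sso", "servicedesk", "okta")
# Remote-access, tunnelling and credential tools named in the advisory
ADVISORY_TOOLS = {"fleetdeck", "level", "mimikatz", "ngrok", "pulseway",
                  "screenconnect", "splashtop", "tacticalrmm", "tailscale", "teamviewer"}
# Assumed log line format: "<timestamp> <dns|proc> host=<name> <key>=<value>"
EVENT_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>dns|proc) host=(?P<host>\S+) \w+=(?P<value>.+)$")

def is_lookalike_domain(domain: str) -> bool:
    """True for '<org>-<suffix>.<tld>'; the legitimate '<org>.okta.com' form does not match."""
    d = domain.lower().replace("[.]", ".").rstrip(".")
    return any(re.fullmatch(rf"{re.escape(org)}-{suffix}\.[a-z0-9.-]+", d)
               for org in ORG_NAMES for suffix in LOOKALIKE_SUFFIXES)

def advisory_tool(image_path: str):
    """Return the advisory tool name an executable path matches, or None if approved/unknown."""
    stem = re.sub(r"[^a-z0-9]", "", PureWindowsPath(image_path).stem.lower())
    for tool in sorted(ADVISORY_TOOLS, key=len, reverse=True):  # longest name wins
        if tool in stem:
            return None if tool in APPROVED_TOOLS else tool
    return None

def triage(lines):
    """Scan log lines; return (host, finding, value) tuples worth an analyst's attention."""
    findings = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip lines in other formats instead of aborting the scan
        host, value = m["host"], m["value"].strip()
        if m["kind"] == "dns" and is_lookalike_domain(value):
            findings.append((host, "lookalike-domain", value))
        elif m["kind"] == "proc" and (tool := advisory_tool(value)):
            findings.append((host, "advisory-tool", tool))
    return findings

# Constructed sample events (not real telemetry)
SAMPLE_EVENTS = [
    "2023-11-16T10:01:02Z dns host=ws-042 query=examplecorp-okta.com",
    "2023-11-16T10:01:09Z dns host=ws-042 query=examplecorp.okta.com",
    "2023-11-16T10:03:30Z proc host=ws-042 image=C:\\Users\\a\\Downloads\\TeamViewer.exe",
    "2023-11-16T10:04:00Z proc host=ws-007 image=C:\\Program Files\\ScreenConnect\\ScreenConnect.ClientService.exe",
    "2023-11-16T10:05:00Z proc host=ws-042 image=C:\\Temp\\ngrok.exe",
]
```

Substring matching on short names such as `level` will need tuning against real process inventories; the point is that the approved-tool exception, not the tool name alone, decides what is flagged.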

Tactics & Techniques used:

Reconnaissance & Resource Development

Figure: Reconnaissance & Resource Development (Source: CISA)

Initial Access & Execution

Figure: Initial Access & Execution (Source: CISA)

Persistence, Privilege Escalation, & Defense Evasion

Figure: Persistence, Privilege Escalation, & Defense Evasion (Source: CISA)

Credential Access & Discovery

Figure: Credential Access & Discovery (Source: CISA)

Lateral Movement & Collection

Figure: Lateral Movement & Collection (Source: CISA)

Command and Control, Exfiltration, and Impact

Figure: Command and Control, Exfiltration, & Impact (Source: CISA)

Recommendations

Below are the recommendations provided by the cybersecurity researchers:

  • Implement application controls.
  • Reduce the threat posed by malicious actors.
  • Implement FIDO/WebAuthn authentication or Public Key Infrastructure (PKI)-based MFA.
  • Strictly limit the use of Remote Desktop Protocol (RDP) and other remote desktop services.
  • Implement a recovery plan.
  • Maintain offline backups of data.
  • Require all accounts with password logins to comply with NIST's standards for creating and managing password policies.
  • Require phishing-resistant multifactor authentication (MFA).
  • Keep all operating systems, software, and firmware up to date.
  • Segment networks.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network monitoring tool.
  • Install, regularly update, and enable real-time detection for antivirus software on all hosts.
  • Disable unused ports and protocols.
  • Consider adding an email banner to emails.
  • Disable hyperlinks.
  • Ensure all backup data is encrypted and immutable.

Source credit : cybersecuritynews.com
