A group of young cybercriminals poses the “most imminent threat” of cyberattacks

Empty grocery store Shelves and grounded aircraft tend to indicate crises, whether it is extreme weather events, public health crises, or geopolitical emergencies. But in recent weeks, these chaotic scenes have been caused by economically motivated cyberattacks that appear to be caused by a group of joyful teenagers.

A notorious cybercrime group, commonly known as scattered spiders, is known for using social engineering techniques to penetrate target companies, helping desk workers grant access to their systems by tricking it. The team appears to have gained expertise on backend systems commonly used by businesses in a specific industry, and then used that knowledge to achieve a range of goals before moving on to another area, the researchers said. The organization often deploys ransomware or ransomware attacks once the victim is damaged.

The pressure on law enforcement was growing last year, with alleged charges and arrests from five suspects allegedly linked to scattered spiders, and the researchers say the group is less active in 2024 and appears to be trying to underestimate. However, the group’s attacks escalated in recent weeks showed that the scattered spiders were far from defeated and were timid again.

“When it comes to social engineering, there are some unique skilled spider actors who have identified the main gap in the security systems we successfully exploit,” said John Hultquist, chief analyst at Google Threat Intelligence Group. “This organization is carrying out serious attacks on our critical infrastructure and I hope we don’t miss out on the opportunity to address the most imminent threats.”

Although not publicly attributed to many incidents, recent attacks on British grocery chains, North American insurance companies and international airlines are closely related to the scattered spiders. In May, the National Crime Agency confirmed that it was working on scattered spiders in connection with the attack on British retailers. The FBI warned in an alert Friday that it observed that “scattered spiders of cybercrime groups expand their targets to industries that include airlines.” The warning was that North American airline Westjet and Hawaiian Airlines said they were victims of cybercriminals. On Wednesday, Qantas Australia also said it was hit by a cyber attack, although it is unclear whether the attack was part of the group’s campaign.

“They slowed down and we saw them disappear for some time throughout 2024,” said Adam Meyers, senior vice president of strikeback at security firm CrowdStrike. “Then, they roared over the past few months, first hitting retail and then insurers, most recently targeting airlines.”

The scattered spiders were first and foremost a striking group until late 2023, when its members switched from SIM card exchange attacks to launching serious ransomware attacks on Caesars Entertainment and MGM Resorts. The latter spent about $100 million in Migo stock. The researchers stress that the collective is financially motivated and consists primarily of English-speaking adolescents and young people who are usually in the United States or the United Kingdom. The scattered spider hacker is considered a branch of COM, an amorphous network of potentially thousands of trolls and criminals, many of whom engage in harassment, ransomware and child exploitation.