💰💣

Scattered Spider Security Incident

2023-2025 830 days ago Resolved

Incident Overview

Situation Description

Scattered Spider, a cybercrime group, has evolved its social engineering tactics to target major companies across various sectors, including casinos, cloud services, retail, and insurance.

Event Types

Ransomware Malware / Destructive Attack Extortion (non-ransomware)

Industry Sector

Technology

Geographic Scope

Global

Response Actions

Took Systems or Services Offline Restored Systems from Secure Backups Paid a Ransom Notified Affected Individuals & Entities Notified Law Enforcement Managed Public Narrative & Crisis Communications Revised Incident Response Plan Implemented Advanced Authentication Hardened Attack Surface Conducted Employee Training

Impact Analysis

Event Types (3 identified)

Ransomware Malware / Destructive Attack Extortion (non-ransomware)

Financial Impact

$115,000,000 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Financial Data (Credit Cards, Bank Accounts) Credentials Operational / System Data

Primary Impacts

Financial Loss Data Exposure Operational Disruption Reputational Damage

Key Decisions Made

MGM Resorts experienced a week-long outage after attackers used vishing to gain initial access and deploy ransomware, costing an estimated $100 million.; Caesars Entertainment paid a $15 million ransom to prevent the leak of sensitive loyalty program data after attackers infiltrated through a compromised IT support vendor.; In mid-2024, Scattered Spider compromised around 165 Snowflake cloud customers, including AT&T, Ticketmaster, and LendingTree, through phishing campaigns and MFA bypass techniques.

Technical Analysis

Attack Method

Social Engineering

Threat Actor Attribution

Scattered Spider UNC3944 Octo Tempest 0ktapus ALPHV/BlackCat DragonForce

Vulnerability / Tool

Evilginx

Additional Information

Home Blog Contact Login Get a demo Home Blog Contact Login Get a demo Login Get a demo Jun 24, 2025 Scattered Spider Attacks: Timeline, Tactics, and Defense Tips Scattered Spider Attacks: Timeline, Tactics, and Defense Tips Scattered Spider Attacks: Timeline, Tactics, and Defense Tips Scattered Spider Attacks: Timeline, Tactics, and Defense Tips Discover the evolution of Scattered Spider, the cybercrime group behind major social engineering attacks from 2023 to 2025. Discover the evolution of Scattered Spider, the cybercrime group behind major social engineering attacks from 2023 to 2025. Discover the evolution of Scattered Spider, the cybercrime group behind major social engineering attacks from 2023 to 2025. Ross Lazerowitz Co-Founder and CEO Overview: Evolving Social Engineering Threats When MGM Resorts and Caesars Entertainment went dark in late 2023, the culprits werent nation-state hackers with sophisticated malware but a loose band of teenagers calling themselves Scattered Spider. Better known to incident-response teams as UNC3944, Octo Tempest, or 0ktapus, this group thrives not on technical exploits but on manipulating human behavior. Despite high-profile arrests, their tactics continue to evolve, forcing defenders to rethink how social engineering is weaponized at scale. This retrospective covers key incidents involving Scattered Spider from their rise in 2023 through their recent June 2025 attacks, highlighting their methods, impacts, and law enforcement responses. Major Attacks and the Impact of Social Engineering Scattered Spider's hallmark is social engineering, which directly targets the human factor. Here's a detailed look at some of their most impactful campaigns: Casinos Breached: MGM and Caesars (Sept 2023) The group's high-profile attacks on two major Las Vegas casinos set the stage. MGM Resorts experienced a crippling, week-long outage after attackers vished an internal help desk employee, gained initial access, then spread ransomware...

... (truncated for display)

Quick Facts

Company:: Scattered Spider
Date:: 2023-2025
Status:: Resolved
Decision Maker:: Ross Lazerowitz
Position:: Co-Founder and CEO
Published:: 2025

Source Information

Original Query

impact of "Scattered Spider" tactics on corporate incident response and employee training

View Original Source

Timeline

Information Published

2025

Incident Occurred

2023-2025 (830 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats