Scattered Spider

Techniques (MITRE ATT&CK)64

SourceMITRE ATT&CK

Also known as:Roasted 0ktapusOcto TempestStorm-0875UNC3944

Vexday analysis

Scattered Spider (também identificado como Roasted 0ktapus, Octo Tempest, Storm-0875 e UNC3944) é um grupo criminoso de língua inglesa ativo desde pelo menos 2022, catalogado pelo MITRE ATT&CK sob o identificador G1015 com 64 técnicas documentadas. Inicialmente concentrado em provedores de CRM, empresas de terceirização de processos de negócio (BPO) e companhias de telecomunicações e tecnologia, o grupo expandiu suas operações em 2023 para os setores de jogos, hotelaria, varejo, provedores de serviços gerenciados (MSP), manufatura e serviços financeiros. Suas operações dependem fortemente de engenharia social, incluindo a personificação de equipes de TI e suporte técnico, para obter acesso inicial, contornar autenticação multifator (MFA) e comprometer redes corporativas. Ao grupo são atribuídas duas CVEs conhecidas.

Techniques (MITRE ATT&CK) 64

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Gather Victim Identity Information Phishing for Information Spearphishing Link Spearphishing Voice

Resource development

Domains Social Media Accounts Malware Tool

Execution

PowerShell Unix Shell User Execution

Persistence

Account Manipulation Additional Cloud Roles External Remote Services Create Account Systemd Service

Privilege escalation

Exploitation for Privilege Escalation

Credential access

NTDS Steal Web Session Cookie Credentials In Files Private Keys Password Managers Multi-Factor Authentication Request Generation

Discovery

System Network Configuration Discovery Remote System Discovery Permission Groups Discovery Domain Groups System Information Discovery File and Directory Discovery Account Discovery Domain Account Browser Information Discovery Cloud Service Dashboard Cloud Infrastructure Discovery

Lateral movement

Remote Desktop Protocol SSH Cloud Services

Collection

Data Staged Email Collection Email Forwarding Rule Code Repositories Messaging Applications Data from Cloud Storage

Command and control

Proxy Ingress Tool Transfer Remote Desktop Software Protocol Tunneling

Exfiltration

Exfiltration Over C2 Channel Exfiltration to Cloud Storage

Impact

Data Encrypted for Impact Inhibit System Recovery Financial Theft

defense-impairment

Trust Modification Code Signing Multi-Factor Authentication Conditional Access Policies Create Cloud Instance Disable or Modify Tools

stealth

Direct Volume Access Clear Mailbox Data Valid Accounts Cloud Accounts Email Hiding Rules Impersonation

Exploited vulnerabilities 2

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2015-2291HIGHEPSS 9%KEV CVE-2019-3610MEDIUMEPSS 0%

Scattered Spider uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →