New Campaigns from Scattered Spider

May 10, 2024, 8:55 a.m.

Description

Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insurance sectors. Their tactics involve creating convincing lookalike domains and login pages to lure victims into revealing credentials. Defenders should remain vigilant, monitor for suspicious domains, and educate employees about identifying phishing attempts.

Date

  • Created: May 10, 2024, 8:33 a.m.
  • Published: May 10, 2024, 8:33 a.m.
  • Modified: May 10, 2024, 8:55 a.m.

Indicators

Attack Patterns

Additional Information

  • Retail
  • Technology
  • Insurance
  • Finance
  • Telecommunications

Linked vulnerabilities