Scattered Spider: Still Hunting for Victims in 2025

April 9, 2025, 8:31 a.m.

Description

Scattered Spider, a notorious hacking collective, continues to actively target victims in 2025. The group has expanded its focus to include services like Klaviyo, HubSpot, and Pure Storage, while targeting high-profile brands such as Audemars Piguet, Chick-fil-A, and Twitter/X. Silent Push researchers have identified five unique phishing kits used by Scattered Spider since 2023, with some undergoing updates. A new version of Spectre RAT has been discovered, along with the acquisition of a domain previously owned by Twitter/X. Despite arrests of several members in 2024, Scattered Spider has adapted its tactics, including the use of dynamic DNS providers and updated phishing kits. The group continues to employ sophisticated social engineering attacks to obtain credentials and multi-factor authentication tokens.

Date

  • Created: April 9, 2025, 7:51 a.m.
  • Published: April 9, 2025, 7:51 a.m.
  • Modified: April 9, 2025, 8:31 a.m.

Indicators


Attack Patterns

Additional Information

  • Retail
  • Technology
  • Healthcare
  • Finance
  • Telecommunications
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America