Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
Briefly

Scattered Spider, a cybercrime group, is targeting VMware ESXi hypervisors across the retail, airline, and transportation sectors in North America. The group's tactics rely on social engineering rather than software exploits, primarily using phone calls to IT help desks. Known for their creativity and aggression, they conduct operations aimed at critical systems and data. Their attack methodology includes an initial compromise, reconnaissance, privilege escalation, and the subsequent use of Active Directory to access the VMware vSphere environment. This approach enables effective data exfiltration and ransomware deployment while evading security tools.
The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk.
The actors are aggressive, creative, and particularly skilled at using social engineering to bypass even mature security programs. Their attacks are precise, campaign-driven operations aimed at critical systems and data.
Read at The Hacker News