Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Search Results for: okta

Cryptocurrencies, ransomware, and hamburgers: the fatal combo for Scattered Spider

The U.S. Department of Justice and British police have charged Talha Jubair, 19, a resident of East London, who investigators believe is a key member of Scattered Spider, a group responsible for a series of extortion attacks targeting major businesses and government agencies. According to the file, from May 2022 to September of this year, attackers carried out at least 120 intrusions, affecting 47 organizations in the United States, and the total amount of payments exceeded $115 million. A parallel case in London involves an attack on Transport for London in August 2024, in which 18-year-old Owen Flowers was involved along

PoisonSeed: How Phishing Attacks Bypass FIDO with WebAuthn

The authors of the PoisonSeed phishing campaign have found a way to bypass FIDO (in this case, FIDO2 with WebAuthn) using the cross-device authentication mechanism implemented in WebAuthn. The attackers convince victims to approve login requests from fake corporate portals. Please note that the PoisonSeed campaign is based on phishing, the ultimate goal of which is financial fraud. In the past, attackers have hacked corporate accounts for email marketing purposes and sent users letters containing pre-set seed phrases for cryptocurrency wallets. In the new attacks identified by Expel experts, attackers are not exploiting a vulnerability in FIDO mechanisms, but are abusing a legitimate

Discovering Scattered Spider: The Criminal Threat Using Advanced Tactics and Techniques

By Cyber Defense Center Maticmind (Andrea Mariucci, Riccardo Michetti, Federico Savastano, Ada Spinelli) The Scattered Spider threat actor, UNC3944, made its appearance in 2022 with two targeted attacks on Caesars and MGM casinos. Belonging to the informal group “The Com,” UNC3944 is known for its sophisticated social engineering tactics and its ability to navigate cloud environments. SCATTERED SPIDER uses a variety of techniques to gain access to victims’ systems, including stealing administrative credentials through phishing attacks via email, SMS, SIM swapping, and impersonating IT/helpdesk staff, as well as legitimate software such as AnyDesk and ScreenConnect to maintain persistence. The group is also