CrowdStrike Identifies New Extortion Groups Mimicking Scattered Spider Tactics
CybercrimeCybersecurityRansomwareResearchThreatsacademiaautomotiveaviationCloudCordial SpiderCrowdStrikedata theftextortionfinancial sectorFinancial serviceshospitalitylegalretailsaasScattered SpiderSnarky SpidertechnologyThe Com
CrowdStrike reported that two new extortion groups, Cordial Spider and Snarky Spider, are replicating tactics from the Scattered Spider threat actor collective, which is affiliated with The Com. These groups employ voice phishing (vishing) and fake single sign-on (SSO) pages to compromise Software-as-a-Service (SaaS) environments and rapidly exfiltrate data for extortion purposes. The attacks target multiple sectors, including academia, automotive, aviation, financial services, hospitality, legal, retail, and technology. No specific dates, technical indicators, or CVE IDs were disclosed in the report. The primary impact involves unauthorized data theft and subsequent extortion demands against affected organizations.