The Shadowy Web: Exploring the Scattered Spider Group and Its Sinister Alliances

April 16, 2024

The Shadowy Web: Exploring the Cyber hackers Scattered Spider group and its sinister alliances

Scattered Spider

By Daniel Brunner | Chief Operating Officer | Brunner Sierra Group

In the murky depths of cybercrime, few groups have cast as wide and dangerous a net as the Scattered Spider group. Known for their sophisticated attacks and elusive operations, this group has recently risen to infamy within the cyber intelligence community. Their tactics, targets, and the shadowy alliances they maintain, particularly with the Black Cat Russian hacking group, offer a chilling glimpse into the world of international cyber threats.


The Scattered Spider: A Profile

Scattered Spider is not just another name in the ever-expanding list of cybercriminal organizations. It stands out for its unique approach to cyber-attacks. Unlike many other groups that focus on direct financial theft, Scattered Spider's strategies often involve intricate schemes like espionage, data manipulation, and disruption of critical infrastructure.

Mostly constituting themselves of US born, American hackers, their operations are marked by a careful selection of targets, meticulous planning, and execution that utilizes advanced malware, phishing, and ransomware techniques. The group primarily targets corporations, hospitals and government entities, extracting sensitive information or causing significant operational disruptions.


Youthful Perpetrators: A Disturbing Trend

A particularly disturbing aspect of Scattered Spider is the youthful age of its members. Many of its hackers are surprisingly young, with some reportedly as young as thirteen to early twenties. This trend highlights a worrying shift in cybercrime, where savvy, tech-native youths apply their skills in destructive ways. Their young age often belies the sophistication of their methods and the severity of their crimes, adding an additional layer of complexity to law enforcement's response. The allure of easy money, thrill, or ideological motivation draws these young individuals deeper into the world of cybercrime.


A Notorious Attack: The Energy Sector Incident

One of the most alarming incidents attributed to Scattered Spider occurred in the energy sector. This attack, which unfolded over several months, involved a series of breaches at various energy facilities. Initially, the attacks seemed sporadic and unrelated. However, as the pattern emerged, it became clear that Scattered Spider was behind the orchestrated chaos.

Using a sophisticated malware known as "GridBreaker," they managed to infiltrate the control systems of several power plants. This malware not only allowed them to extract sensitive operational data but also enabled them to install backdoors for potential future offenses. The ultimate goal appeared to be the ability to shut down these facilities remotely, posing a significant threat to national security.

Case Study - Las Vegas Attack 2023

In a recent audacious cyber heist, the notorious Scattered Spider group targeted several Las Vegas casinos with a sophisticated ransomware attack. Utilizing an signature method called "social engineering", the group infiltrated casino management systems by a slow collection of data on one employee from the MGM Resorts. Scattered Spider collected data and personal identifying  information regarding the employee from the dark web, social media, and other open sources to form an identity of this one employee. Armed with this data, a savvy speaking member of Scattered Spider contacted MGM Resorts IT support and requested the password for this employees' email to be reset. Once the password was reset, the actor was able to get the password reset, thus granting full access to the entire system.

Once inside, they deployed ransomware that encrypted critical data across slot machines, payment systems, and reservation platforms, effectively paralyzing operations. Some casinos, like the MGM Resorts, adhering to a strict policy against negotiating with cybercriminals, refused to pay the demanded ransom. This decision, while principled, led to significant financial repercussions. The immediate loss of revenue from halted operations was exacerbated by the long-term impact on customer trust and additional costs related to system restorations and strengthened security measures. The ransomeware amount demanded by Scattered Spider was $30 million, but the total cost of this disruption, including the loss of services, is estimated to be approximately between $100 - $120 of million dollars, illustrating the severe consequences of such high-stakes cyberattacks on major business hubs.

Link to full 60 Minutes Scattered Spider report.


Alliance with Black Cat: A Cybercrime Pact

Perhaps more concerning than their standalone activities is Scattered Spider's alleged alliance with the Black Cat Russian hacking group. Black Cat, known for its deep ties to Russian intelligence services, has a notorious history of disruptive cyber activities across the globe. This alliance suggests a troubling escalation in cyber threats, with pooled resources and shared intelligence amplifying the potential impact of their operations.

This partnership reportedly allows both groups to access more sophisticated tools and a wider network of targets. For instance, Black Cat's expertise in creating ransomware complements Scattered Spider's strategic targeting capabilities, creating a formidable force in the cyber underworld.


Implications and Responses

The activities of Scattered Spider, especially in conjunction with Black Cat, pose significant challenges for cybersecurity professionals worldwide. The alliance indicates a trend towards more organized, state-backed or state-tolerated cybercriminal endeavors, which can have devastating consequences on a global scale.

In response, international cybersecurity alliances like Interpol's Cybercrime Division and the FBI’s Cyber Division have ramped up efforts to track, expose, and counteract these groups. Cooperation among nations, sharing of intelligence, and the development of advanced cybersecurity technologies are seen as critical steps in combating these threats.



The rise of groups like Scattered Spider highlights the evolving and increasingly dangerous landscape of cybercrime. Their sophisticated attacks and strategic alliances with groups like Black Cat underscore the need for robust cybersecurity measures and international cooperation.

As cyber threats grow more intricate and damaging, the global community must remain vigilant and prepared to counter these digital marauders. Brunner Sierra Group, partnering with elite Cyber Security Teams, works to provide a strong security envelope around their clients. The battle against cybercrime is far from over, and it is a fight that requires the collective effort of governments, the private sector, and cybersecurity professionals worldwide.