- The Scattered Spider gang has resumed attacks, targeting a US bank despite its claim of going dark
- The hackers used vishing and Okta-themed phishing to bypass MFA and exfiltrate sensitive data
- Group linked to major breaches, including the Salesforce data theft affecting more than 700 companies
Retirement does not seem to suit Scattered Spider: the infamous threat actor has been observed targeting banking organizations in the United States, despite its statements that it “was going dark”.
Security researchers at ReliaQuest have published a new report claiming to have seen evidence of new activity by the hackers.
Among the evidence are several lookalike domains related to the fintech vertical, as well as a victim: a US banking organization.
Social engineering
To breach the target organization, Scattered Spider apparently opted for vishing (voice phishing). The group would call employees on the phone, impersonate IT staff, and convince them to authorize access to malicious “connected apps”.
These seemingly benign apps (impersonating Salesforce or similar) allowed the attackers to exfiltrate sensitive business data. To steal login credentials, the attackers used Okta-themed phishing pages, successfully bypassing security controls such as multi-factor authentication.
“Scattered Spider gained initial access by socially engineering an executive's account and resetting their password via Azure Active Directory self-service password management,” ReliaQuest said in the report.
“From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network.”
Scattered Spider is one of the three groups believed to be behind the breaches at Jaguar Land Rover (JLR), Marks & Spencer, the Co-op, Harrods and many others.
Recently, the group announced that it “was going dark”. Some researchers think the hackers fear a response from law enforcement, while others think it could be an easy way to rebrand or pivot.
It could be both, however. Scattered Spider is also linked to the large Salesforce/Salesloft Drift data leak, which seems to have affected more than 700 companies. If these claims prove to be authentic, it would be one of the biggest breaches in recent history and, as such, would certainly attract the attention of the FBI, and perhaps even the NSA.
Via The Hacker News