Commit

Merge pull request #868 from Mathieu4141/threat-actors/add-scattered-ta
[threat-actors] Add Scattered Canary and Scattered Spider
adulau authored Oct 2, 2023
2 parents 67543e2 + e6266e8 commit dc8f7e4
Showing 1 changed file with 32 additions and 1 deletion.
33 changes: 32 additions & 1 deletion clusters/threat-actor.json
Expand Up @@ -11766,7 +11766,38 @@
],
"uuid": "8cb6f57b-9ebb-45a6-a89f-9efdb8065d70",
"value": "Storm-0324"
},
{
"description": "When the first member of Scattered Canary, who, for the purposes of this report, we call\nAlpha, began his operations, he was a lone wolf—working mostly Craigslist scams as he learned\nthe tricks of the trade from a mentor. However, within a few years, he had honed his craft\nenough to expand into romance scams, where he met his first “employee,” Beta. Once they\nhad secured enough mules via their romance scams to launder their stolen money, they shifted\nfrom targeting individuals to targeting enterprises, and the group’s BEC operation was born.",
"meta": {
"country": "Nigeria",
"motive": "Cybercrime",
"references": [
"https://cofense.com/blog/gift-card-fraud-ecosystem-shifts-what-paxfuls-closing-means-for-business-email-compromise/",
"https://static.fortra.com/agari/pdfs/guide/ag-scattered-canary-gd.pdf",
"https://www.agari.com/blog/covid-19-unemployment-fraud-cares-act?_gl=1%2Ayzg6ns%2A_ga%2AMTkyMzIyOTI4MC4xNjk2MjUyMDA2%2A_ga_NHMHGJWX49%2AMTY5NjI1MjAwNS4xLjAuMTY5NjI1MjAwNS42MC4wLjA.&utm_source=press-release&utm_medium=prnewswire&utm_campaign=scattered20"
]
},
"uuid": "fde2d0f9-ed23-4cdc-96d3-f0a01f804707",
"value": "Scattered Canary"
},
{
"description": "Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130 organizations, with the number of victims steadily increasing.",
"meta": {
"references": [
"https://www.cybersecurity-insiders.com/scattered-spider-managed-mgm-resort-network-outage-brings-8m-loss-daily/",
"https://www.loginradius.com/blog/identity/oktapus-phishing-targets-okta-identity-credentials/"
],
"synonyms": [
"UNC3944",
"Muddled Libra",
"Oktapus",
"Scattered Swine"
]
},
"uuid": "3b238f3a-c67a-4a9e-b474-dc3897e00129",
"value": "Scattered Spider"
}
],
"version": 282
"version": 283
}
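Review bot: the third reference in the Scattered Canary entry still carries analytics parameters ("?_gl=...&utm_source=press-release&utm_medium=prnewswire&utm_campaign=scattered20"); trim it to the bare URL ending in "covid-19-unemployment-fraud-cares-act" so the reference stays stable and matches cleanly when other tooling compares or deduplicates reference URLs. In the same entry, the description keeps the hard "\n" line wraps of the source PDF and its report-internal framing ("who, for the purposes of this report, we call\nAlpha"), so it would read better as one unwrapped paragraph that says what the group does (romance scams, mule recruitment, BEC) without the narrative voice. The Scattered Spider entry has no "country" or "motive" key while the entry added right above it sets both; if the cited sources support a motive, add it, and consider a description that says more than the victim count, since the synonyms (UNC3944, Muddled Libra, Oktapus, Scattered Swine) are what most users will search on and none of them is explained or tied to one of the two references.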
