
FBI and CISA Warn About Scattered Spider’s New Cyber Attack Methods
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new warning about a dangerous hacking group called Scattered Spider. Also known as UNC3944 or Starfraud, this group has started using new tricks to break into computer systems across the United States. The alert was published on July 31, 2025, and it explains how the group is getting better at bypassing security controls and attacking important targets.
Who Is Scattered Spider?
Scattered Spider is a cybercriminal group that has been targeting companies and organizations in different industries. These include:
- Telecommunications
- Technology
- Critical infrastructure, such as utilities and transportation
New Tactics to Break Through Security
According to the FBI and CISA, Scattered Spider has changed its tactics in 2025. The group now focuses more on breaking through multi-factor authentication (MFA), which is supposed to be an extra layer of security. Their new methods include:
- SIM swapping: Stealing a person’s phone number to receive security codes
- MFA fatigue attacks: Bombarding employees with repeated requests for authentication until they finally approve one by mistake
- Phishing: Sending fake emails or messages to trick people into giving up passwords or security codes
What Happens After a Breach?
Once Scattered Spider gets inside a network, they often use legitimate remote management tools and living-off-the-land binaries—which are built-in programs on computers—to move around without being noticed. They steal login details and use them to access more parts of the system.
The group has been seen:
- Deploying ransomware (locking up files and demanding money to release them)
- Stealing sensitive data, like customer information or business secrets
- Threatening to leak stolen information unless the victim pays a ransom
How Can Organizations Protect Themselves?
The FBI and CISA have provided a detailed list of indicators of compromise (IOCs). These are clues that a system has been targeted, such as:
- Suspicious IP addresses
- Dangerous web domains
- File hashes linked to the group’s malware
Recommended protective steps include:
- Enforce strong MFA policies and closely watch for strange login attempts
- Teach employees about social engineering and phishing so they can spot suspicious messages
- Limit the use of remote management tools and monitor for any unauthorized access
- Use network segmentation and least-privilege access, so people can only reach the parts of the network they really need
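One way to act on the advice to watch for strange login attempts is to flag the MFA fatigue pattern described earlier: a burst of unapproved push prompts, especially one that ends in an approval. The Python below is an added example, not code from the FBI/CISA alert; the event layout, the 10-minute window and the threshold of 3 are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events: (timestamp, user, result). The layout
# is an assumption for illustration, not a real identity provider's format.
SAMPLE_EVENTS = [
    ("2025-07-31T02:10:05", "alice", "denied"),
    ("2025-07-31T02:10:40", "alice", "denied"),
    ("2025-07-31T02:11:10", "alice", "timeout"),
    ("2025-07-31T02:11:55", "alice", "denied"),
    ("2025-07-31T02:12:30", "alice", "approved"),  # approval after a burst
    ("2025-07-31T09:00:00", "bob", "denied"),
    ("2025-07-31T09:00:20", "bob", "approved"),    # one retry: normal
    ("2025-07-31T10:00:00", "carol", "denied"),
    ("2025-07-31T10:01:00", "carol", "denied"),
    ("2025-07-31T10:02:00", "carol", "denied"),    # burst, never approved
]
UNAPPROVED = {"denied", "timeout"}

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Flag users with >= threshold unapproved pushes inside `window`.
    Severity is 'high' when an approval lands while the burst is active."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes
    open_alert = {}              # user -> alert for the burst in progress
    alerts = []
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        pushes = recent[user]
        while pushes and ts - pushes[0] > window:
            pushes.popleft()     # forget pushes older than the window
        if result in UNAPPROVED:
            pushes.append(ts)
        if len(pushes) < threshold:
            open_alert.pop(user, None)   # burst ended or never started
        elif user not in open_alert:
            open_alert[user] = {"user": user, "severity": "medium", "pushes": 0}
            alerts.append(open_alert[user])
        if user in open_alert:
            alert = open_alert[user]
            alert["pushes"] = max(alert["pushes"], len(pushes))
            if result == "approved":     # the user gave in mid-burst
                alert["severity"] = "high"
                alert["approved_at"] = ts_text
        if result == "approved":
            pushes.clear()               # a successful login resets the count
            open_alert.pop(user, None)
    return alerts
```

Calling `detect_mfa_fatigue(SAMPLE_EVENTS)` returns one high-severity alert (a burst that ended in an approval) and one medium-severity alert (a burst with no approval), while a single denied prompt followed by a normal login is ignored.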
The Growing Danger of Cybercriminals
This new warning shows just how dangerous cybercriminal groups like Scattered Spider have become. They use a mix of technical skills and aggressive social engineering to steal money and information. Attacks like these are becoming more common and harder to stop, especially when hackers are able to change their methods so easily.
With the rise of ransomware and data leaks, the FBI and CISA are urging all American organizations to review their cybersecurity and make improvements right away. Staying alert and following the recommended steps can help protect against these evolving threats.
What Should You Do?
If you work for a company or organization, it’s important to:
- Be cautious about unexpected emails, calls, or messages, even if they seem to come from someone you know
- Never share your passwords or security codes with anyone
- Report anything suspicious to your IT or security team as soon as possible
- Keep learning about the latest scams and tricks used by cybercriminals