Scattered Spider Targets Corporate Clouds


Organizations in the finance and insurance sectors are having their corporate cloud systems targeted for data exfiltration and extortion by the prolific hacking collective Scattered Spider in new attacks, indicating the operation's focus on lucrative payouts, according to SC Media.

Aside from scouring GitHub and other services for inadvertently exposed cloud access tokens, as well as purchasing previously stolen credentials, Scattered Spider has also been conducting smishing campaigns to infiltrate and steal sensitive data from financial and insurance entities' Microsoft Entra ID, AWS EC2, Okta, VMware Workspace ONE, and ServiceNow instances, an analysis from EclecticIQ revealed.

Attackers could not only demand ransoms for the exfiltrated information but also profit from reselling the credentials they had used for the initial compromise of the cloud systems.

Such findings should prompt the immediate implementation of multi-factor authentication and phishing awareness programs for employees, said EclecticIQ researchers, who also urged the removal of private access tokens from developers' code.
