TZUTC: -0500
MSGID: 1182.consprcy@1:2320/105 2cb711c3
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
After hitting top retail stores, experts warn this infamous criminal gang is
now going after US insurance giants

Date:
Tue, 17 Jun 2025 14:28:00 +0000

Description:
Google is warning Scattered Spider is shifting attention to US-based 
insurance firms.

FULL STORY

The notorious Scattered Spider cybercrime gang is apparently stepping away
from attacking high-end retailers and has begun targeting insurance
organizations in the US, experts have claimed. 

Google Threat Intelligence Group (GTIG) cybersecurity researchers claim to
have seen multiple attacks, and are now urging organizations to be on the
lookout for potential threats. 

"Google Threat Intelligence Group is now aware of multiple intrusions in the
US which bear all the hallmarks of Scattered Spider activity. We are now
seeing incidents in the insurance industry," chief GTIG analyst John 
Hultquist said in an email shared with TechRadar Pro .

DragonForce 

Scattered Spider is a loosely knit cybercriminal organization operating 
within a larger hacking community known as the Com, known for targeting one
industry at the time. 

It recently targeted high-end retailers, mostly in the UK, including Harrods,
M&S and the Co-op , and has also engaged with US companies, going for social
engineering, SIM-swapping, and ransomware . 

"Given this actor's history of focusing on a sector at a time, the insurance
industry should be on high alert, especially for social engineering schemes,
which target their help desks and call centers," Hultquist stressed. 

Although Google did not discuss who the victims are, The Register says two
US-based companies recently reported suffering a cyberattack: Erie Insurance,
and Philadelphia Insurance Company. Neither confirmed the incidents were the
work of Scattered Spider, but the news aligned suspiciously well. 

The publication also says the crooks usually start their attacks with fake
helpdesk calls, after which they trick the victims into granting access to
their devices, which is later used to deploy the DragonForce ransomware
encryptor. 

There are multiple ways to defend against ransomware attacks, but the best 
one is to raise employee awareness about phishing and social engineering,
since most attacks abuse people, rather than systems. 

 Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/after-hitting-major-shops-experts-warn-
this-criminal-gang-is-now-going-after-us-insurance-giants

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426