Cybercrime high Western (US/UK/Canada)

Scattered Spider

English-speaking cybercrime collective (likely US/UK) · Financial gain / ransomware deployment

Reports 1

Active Since 2022

Last Reported 28 Apr 2026

Sectors Targeted finance, communications, legal-professional

Tactics, Techniques & Procedures (TTPs)

Social engineering (vishing, help-desk impersonation)
SIM swapping for MFA bypass
MFA fatigue / push bombing
Identity provider compromise (Okta, Azure AD)
Cloud environment lateral movement
ALPHV/BlackCat and RansomHub affiliate activity

Known Targets

MGM ResortsCaesars EntertainmentMajor hospitality and gaming organisationsRetail and financial servicesUS Fortune 500 companies

Analyst Notes

Notably English-speaking, uses deep knowledge of corporate IT processes and internal jargon. Highly effective at social engineering enterprise help desks. Members believed to be 16–22 years old.

Also Known As

UNC3944Muddled LibraStarfraudOcto Tempest

Intelligence Reports

Analysis financecommunications

Scattered Spider: When Social Engineering Becomes a Professional Discipline

The group behind the MGM Resorts and Caesars Entertainment attacks isn't a nation-state operation or a seasoned criminal enterprise. They're young, English-speaking, and they're better at manipulating people than most security teams are at stopping them.

28 Apr 2026 · 15 min read