November 21, 2023

Today, an update was issued for CISA's and the FBI's joint Cybersecurity Advisory (CSA) on Scattered Spider. The updates are included in the mitigation strategies section of the product. The updated CSA is posted below.

November 16, 2023

Today, CISA and the FBI released a joint Cybersecurity Advisory (CSA) on Scattered Spider, a cyber criminal group targeting commercial facilities sectors and subsectors. The advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations conducted as recently as November 2023 and recommended mitigations to help organizations protect their networks against these threat actors.

Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs. After gaining access to networks, the FBI observed Scattered Spider threat actors using publicly available, legitimate remote access tunneling tools. Actions that organizations can take today to mitigate threats posed by Scattered Spider and other malicious cyber activity are to maintain offline backups of data, enable and enforce phishing-resistant multifactor authentication, and implement application controls to manage and control software execution. 

The FBI and CISA encourage critical infrastructure organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of a cyber attack by Scattered Spider threat actors. To report suspicious or criminal activity related to information found in advisory, contact your local FBI field office, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937, or by e-mail at CyWatch@fbi.gov. If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at CISAServiceDesk@cisa.dhs.gov. Access the full advisory at CISA.