Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. The threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their usual tactics, techniques, and procedures.
The group is also known as Starfraud, UNC3944, Scatter Swine, and Muddled Libra, and they are considered experts in social engineering. The threat actors use multiple social engineering techniques, especially phishing, push bombing, and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA).