Scattered Spider are known for their use of identity-based techniques, specialising in account takeover through stolen credentials, phishing, and advanced social engineering such as help desk scams. After compromising identity infrastructure, they pivot to server environments on-premises and in the cloud and deploy ransomware for financial gain.
But in 2025, security researchers have identified a significant increase in Scattered Spider’s use of adversary-in-the-middle (AiTM) phishing kits that bypass MFA, combined with a host of increasingly widespread detection evasion methods.
https://pushsecurity.com/