← Back to Actors
Scattered Spider
Scattered SpiderRoasted 0ktapusOcto TempestStorm-0875UNC3944
[Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially targeted customer relationship management (CRM) providers, business process outsourcing (BPO) firms, and telecommunications and technology companies before expanding in 2023 to gaming, hospitality, retail, managed service provider (MSP), manufacturing, and financial sectors. (Citation: MSTIC Octo Tempest Operations October 2023) [Scattered...
66
Techniques
62
Covered
4
Gaps
94%
Coverage
Coverage62/66
GAPS (4)
COVERED (62)
T1003.003NTDS36 det.T1006Direct Volume Access8 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1021.004SSH35 det.T1021.007Cloud Services12 det.T1041Exfiltration Over C2 Channel32 det.T1059.001PowerShell372 det.T1059.004Unix Shell165 det.T1068Exploitation for Privilege Escalation99 det.T1069Permission Groups Discovery35 det.T1069.002Domain Groups44 det.T1070.008Clear Mailbox Data10 det.T1074Data Staged12 det.T1078Valid Accounts297 det.T1078.004Cloud Accounts183 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1087Account Discovery55 det.T1087.002Domain Account57 det.T1090Proxy48 det.T1098Account Manipulation229 det.T1098.003Additional Cloud Roles54 det.T1105Ingress Tool Transfer184 det.T1114Email Collection18 det.T1114.003Email Forwarding Rule15 det.T1133External Remote Services74 det.T1136Create Account38 det.T1204User Execution87 det.T1213.003Code Repositories9 det.T1217Browser Information Discovery4 det.T1219.002Remote Desktop Software52 det.T1484.002Trust Modification14 det.T1486Data Encrypted for Impact374 det.T1490Inhibit System Recovery62 det.T1530Data from Cloud Storage32 det.T1538Cloud Service Dashboard2 det.T1539Steal Web Session Cookie16 det.T1543.002Systemd Service13 det.T1552.001Credentials In Files61 det.T1552.004Private Keys23 det.T1553.002Code Signing4 det.T1555.005Password Managers4 det.T1556.006Multi-Factor Authentication25 det.T1556.009Conditional Access Policies5 det.T1562.001Disable or Modify Tools316 det.T1564.008Email Hiding Rules9 det.T1567.002Exfiltration to Cloud Storage31 det.T1572Protocol Tunneling59 det.T1578.002Create Cloud Instance4 det.T1580Cloud Infrastructure Discovery26 det.T1583.001Domains62 det.T1588.001Malware2 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1598Phishing for Information1002 det.T1598.003Spearphishing Link312 det.T1621Multi-Factor Authentication Request Generation24 det.T1656Impersonation223 det.T1657Financial Theft15 det.T1685Disable or Modify Tools279 det.