Close Menu
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
What's Hot

Why is LDO’s price up today? Lido’s AI speculation, $60M leverage & more…

July 8, 2026

Malaysian Sweep in Crypto Mining Strikes at Illegal Operations

July 8, 2026

Digital Chamber amicus brief urges dismissal of NY lawsuit over 39,069 Bitcoin wallets

July 8, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook X (Twitter) Instagram
CryptoPulseDaily.com
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
CryptoPulseDaily.com
Home»Security and Privacy»Scattered Spider’s Structure More Like a Cybercrime Collective
Scattered Spider’s Structure More Like a Cybercrime Collective
Security and Privacy

Scattered Spider’s Structure More Like a Cybercrime Collective

July 7, 2026No Comments3 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

Scattered Spider has been reclassified as a decentralized cybercrime collective composed of independent clusters rather than a single, organized threat group.

Group-IB analysis, published on June 7, challenges the traditional view of the activity as one coordinated operation, arguing that multiple actors share tactics, tools and communities while operating separately.

The firm said this model helps explain why activity attributed to Scattered Spider has continued despite arrests and disruption efforts targeting some alleged members.

The group, also tracked under names including 0ktapus, Muddled Libra, Octo Tempest and UNC3944 by different security vendors, has been linked to several high-profile incidents since 2022.

Read more on Scattered Spider attacks: Alleged Scattered Spider Member Extradited to US

A Collective Connected by Tactics Rather Than Structure

Group-IB’s research argued that Scattered Spider does not operate with a central hierarchy or shared leadership structure. Instead, the firm described it as a set of smaller clusters connected through common techniques, tools and online communities.

The analysis compared the structure to that of the Anonymous hacktivist collective, in which separate groups operate under a shared identity without necessarily coordinating directly.

The report also said that some activity previously attributed to Scattered Spider may have been carried out by unrelated actors.

Group-IB specifically distinguished its 0ktapus tracking from the cluster linked to the Marks & Spencer and Co-op attacks, stating there is no evidence they were operated by the same individuals.

The firm identified several recurring targeting patterns across observed clusters, including:

  • Employees at technology and communications companies used as access points

  • Mobile carrier staff targeted for SIM swapping operations

  • Cryptocurrency users targeted through fraud campaigns

  • Enterprises compromised for extortion and ransomware activity

See also  Crypto Billionaire Attacks Trump Family-Linked World Liberty Financial's Structure, Says Single Individual Can Freeze Any Token Holder's Assets

Social Engineering Remains Central to Operations

Despite differences between clusters, Group-IB found that social engineering remains a common thread across Scattered Spider activity. Attackers frequently impersonate IT, security or human resources teams to persuade employees to provide credentials or access.

The research found that attackers commonly use phishing pages impersonating identity providers, including Okta, Microsoft, Citrix and Google.

Group-IB also observed some clusters combining enterprise compromises with cryptocurrency theft operations. Attackers used stolen credentials, SIM swaps and phishing campaigns to target cryptocurrency users while also compromising organizations to gather intelligence on potential victims.

The report noted that some clusters have also used commercial remote access tools such as AnyDesk and recruited insiders at telecommunications companies to assist with unauthorized access.

Group-IB concluded that Scattered Spider’s decentralized nature means arrests targeting individual members are unlikely to eliminate the broader threat. 

Instead, organizations should focus on defending against the shared tactics used across clusters, particularly identity-based attacks and social engineering attempts.

Source link

Collective Cybercrime Scattered Spiders structure
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner

July 8, 2026

Summer Finance Pauses Vaults After $65.4M Flash Loan Attack Triggers $6M Loss

July 6, 2026

Indirect Prompt Injection in Web Content Targets AI Agents

July 6, 2026

Florida’s new crypto ATM law makes scam refunds the cost of doing business

July 1, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

SBF’s Brother Wanted To Create Genetically Enhanced Humans on a Micronesian Island

August 14, 2023

eToro halts ALGO, MANA, MATIC and DASH purchases for US customers

June 13, 2023

Stellar (XLM) Surges 42% In One Week, What’s Pushing It?

July 19, 2023

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

Our mission is to develop a community of people who try to make financially sound decisions. The website strives to educate individuals in making wise choices about Crypto, ICOs, Web3, Blockchain and more.

We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

Why is LDO’s price up today? Lido’s AI speculation, $60M leverage & more…

July 8, 2026

Malaysian Sweep in Crypto Mining Strikes at Illegal Operations

July 8, 2026

Digital Chamber amicus brief urges dismissal of NY lawsuit over 39,069 Bitcoin wallets

July 8, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2026 Crypto Pulse Daily - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.

Cleantalk Pixel
  • bitcoinBitcoin(BTC)$62,197.00-2.23%
  • ethereumEthereum(ETH)$1,737.43-2.61%
  • tetherTether(USDT)$1.00-0.01%
  • binancecoinBNB(BNB)$566.26-2.48%
  • usd-coinUSDC(USDC)$1.000.00%
  • rippleXRP(XRP)$1.09-2.69%
  • solanaSolana(SOL)$77.28-4.81%
  • tronTRON(TRX)$0.329681-0.43%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.030.47%
  • HyperliquidHyperliquid(HYPE)$67.22-4.16%