{"id":2067,"date":"2023-11-16T19:34:52","date_gmt":"2023-11-16T19:34:52","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78019"},"modified":"2023-11-16T19:34:52","modified_gmt":"2023-11-16T19:34:52","slug":"u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/11\/16\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group\/","title":{"rendered":"U.S. officials urge more information sharing on prolific cybercrime group"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>U.S. officials urge more information sharing on prolific cybercrime group | CyberScoop<\/title> <meta name=\"description\" content=\"An aggressive ransomware group has hit a series of prominent targets in recent months without any arrests being made.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/fbi-scattered-spider-investigation\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"U.S. officials urge more information sharing on prolific cybercrime group\"> <meta property=\"og:description\" content=\"An aggressive ransomware group has hit a series of prominent targets in recent months without any arrests being made.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/fbi-scattered-spider-investigation\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-11-16T19:34:52+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1699561119g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1698686983g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1698989400g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78019\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78019\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-scattered-spider-investigation%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-scattered-spider-investigation%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78019 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/fbi-scattered-spider-investigation\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.222081218274\">\n<div class=\"single-article__header-content\" readability=\"30.309012875536\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> An aggressive ransomware group has hit a series of prominent targets in recent months without any arrests being made. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Caesars Palace Hotel sits along Las Vegas Blvd, along the strip in Las Vegas, NV on Wednesday, April 30, 2014. (Photo by Sandy Huffaker\/Corbis via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"39.581995554458\"><body readability=\"79.56691886251\"><\/p>\n<p>U.S. government officials are struggling to determine the full scope of hacking activity carried out by an aggressive group that has rocketed to public prominence after <a href=\"https:\/\/cyberscoop.com\/las-vegas-mgm-caesars-cyber-attack\/\">breaching two Las Vegas resort operators<\/a>, U.S. law enforcement and cybersecurity officials said during a briefing with reporters Thursday. <\/p>\n<p>Senior FBI officials declined to share details on the status of their investigation targeting a group known as Scattered Spider and said that the bureau needs more information from victims to properly understand breadth of the group\u2019s operations. Analysts who follow the matter believe Scattered Spider includes people in America and the United Kingdom.<\/p>\n<p>The FBI has known the identities of \u201cat least a dozen members tied to the hacking group\u201d for more than six months, <a href=\"https:\/\/www.reuters.com\/technology\/cybersecurity\/fbi-struggled-disrupt-dangerous-casino-hacking-gang-cyber-responders-say-2023-11-14\/\">Reuters reported Tuesday<\/a>, and FBI officials bristled at criticism that the bureau is failing to take action against the group. <\/p>\n<p>\u201cJust because you don\u2019t see actions being taken, it doesn\u2019t mean there aren\u2019t actions being taken,\u201d a senior FBI official said on the call. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Officials on Thursday\u2019s call urged targeted companies to share more information with law enforcement. The call coincided with an <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-320a\">FBI and CISA joint advisory<\/a> describing the techniques, tactics and procedures associated with the group behind the attacks, which industry researchers variously describe as Scattered Spider, UNC3944, Scatter Swine, and Muddled Libra. <\/p>\n<p>While described as a group for ease of tracking, the activity emanates from an ecosystem of disparate, sometimes competing factions known as \u201cthe Com,\u201d short for \u201ccommunity.\u201d A subset of people in the Com are known to engage in a range of both cyber-related crimes but also physical violence for hire.<\/p>\n<p>An <a href=\"https:\/\/cyberscoop.com\/com-scattered-spider-tradecraft\/\">October report from Microsoft<\/a> detailed some of the more explicit threats of violence associated with the group, including threats related to victims\u2019 family members and their homes.<\/p>\n<p>The officials said there have been additional victims in the wake of the September attacks on MGM Resorts and Caesars Entertainment but declined to share a total number of targeted organizations or discuss how many of those organizations have shared information with the FBI. Victims are spread across the country and various field offices are involved in an investigation that officials described as centrally managed. <\/p>\n<p>The FBI officials also declined to share any details on the extent to which Scattered Spider is working with <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2022\/04\/22\/fbi-releases-iocs-associated-blackcatalphv-ransomware\">ALPHV<\/a>, an established ransomware operation <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/alphv-blackcat-this-years-most-sophisticated-ransomware\/\">believed to be based in Russia<\/a> with a track record of successfully attacking dozens of entities around the world and extorting tens of millions of dollars from its victims.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The hackers involved in the Caesars and MGM attacks have been known to use ALPHV ransomware as part of extortion operations, and <a href=\"https:\/\/cyberscoop.com\/las-vegas-mgm-caesars-cyber-attack\/\">ALPHV claimed the attack on MGM<\/a> on its website in September. <\/p>\n<p>\u201cIt\u2019s only natural that groups like this, who are revenue focused, are going to look at whatever other methods they can\u201d to take money from victims, the official said Thursday. \u201cRansomware is one of those methods that can force a victim, at times, to make a payment. It\u2019s a natural progression of any entity looking to take advantage of victims to their own benefit.\u201d <\/p>\n<p>Caesars reportedly paid roughly $15 million to the attackers, <a href=\"https:\/\/www.wsj.com\/business\/hospitality\/caesars-paid-ransom-after-suffering-cyberattack-7792c7f0\">the Wall Street Journal reported<\/a> at the time. MGM Resorts did not pay, but <a href=\"https:\/\/www.nbcnews.com\/business\/business-news\/cyberattack-cost-mgm-resorts-100-million-las-vegas-company-says-rcna119138\">reported in federal filings<\/a> that the attack would cost the company more than $100 million. <\/p>\n<p>The FBI official said the agency still encourages victims of ransomware to not to pay. Proceeds from ransom payments are only going to end up as either profit for the attackers, the official said, or \u201creinvested into additional operations that target additional entities, to include, very often, the same victims who have already paid.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2697674418605\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/u-s-officials-urge-more-information-sharing-on-prolific-cybercrime-group-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/fbi-scattered-spider-investigation\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. officials urge more information sharing on prolific cybercrime group<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1209,282,273,952,953,984],"tags":[668,286,279,957,958,986],"class_list":["post-2067","post","type-post","status-publish","format-standard","hentry","category-cisa","category-cybercrime","category-fbi","category-mgm","category-scattered-spider","category-the-com","tag-cisa","tag-cybercrime","tag-fbi","tag-mgm","tag-scattered-spider","tag-the-com"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fbi\/\" rel=\"category tag\">FBI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mgm\/\" rel=\"category tag\">MGM<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/scattered-spider\/\" rel=\"category tag\">Scattered Spider<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/the-com\/\" rel=\"category tag\">The Com<\/a>","tag_info":"The Com","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2067","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2067"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2067\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}