{
  "id":4484,
  "date":"2024-07-16T15:55:03",
  "date_gmt":"2024-07-16T20:55:03",
  "guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/microsoft-scattered-spider-widens-web-with-ransomhub-and-qilin"},
  "modified":"2024-07-16T15:55:03",
  "modified_gmt":"2024-07-16T20:55:03",
  "slug":"microsoft-scattered-spider-widens-web-with-ransomhub-qilin",
  "status":"publish",
  "type":"post",
  "link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/16\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin\/",
  "title":{"rendered":"Microsoft: Scattered Spider Widens Web With RansomHub &amp; Qilin"},
  "content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt7081b82bcde235c8\/6696e1b6be539902303efea1\/spiderweb%281800%29_Stephen_Street_alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Octo Tempest, a threat actor <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/remote-workforce\/scattered-spider-pivots-saas-application-attacks\" rel=\"noopener\">also known as Scattered Spider,<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> has added RansomHub and Qilin to its repository for use in attacks, <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/x.com\/MsftSecIntel\/status\/1812932753354047562\" rel=\"noopener\">Microsoft&#8217;s Threat Intelligence Team<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> is warning.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The gang, which first arrived on the scene in 2022, is known for its social engineering techniques, which Microsoft describes as sophisticated, as well as identity compromises, targeting of VMware ESXi servers, and deployment of BlackCat ransomware.&nbsp;It was also infamously behind the massive <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/application-security\/mgm-caesars-incident-responses-required-brutal-choices\" rel=\"noopener\">ransomware attacks on Caesars Palace and MGM Entertainment<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> last year.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Other tactics, techniques, and procedures (TTPs) the group is known to use include impersonating IT employees to deceive company staff into providing credentials or gaining persistence using remote access tools, as well as phishing, MFA bombing, and SIM swapping.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Qilin ransomware also surfaced in 2022 under a different name, &#8220;Agenda,&#8221; but quickly rebranded. The group is known to have targeted and claimed more than 130 companies, demanding ransoms from as low as $25,000 and well into millions, and is developing a customizable Linux encryptor to target VMware ESXi servers, according to Microsoft. <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/threat-intelligence\/ransomhub-brings-scattered-spider-into-its-raas-fold\" rel=\"noopener\">RansomHub,<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> meanwhile, is a ransomware-as-a-service (RaaS) offering that is becoming increasingly favored by threat actors, &#8220;making it one of the most widespread ransomware families today,&#8221; the tech giant said via X.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Octo Tempest accounts for a significant number of the investigations that the Microsoft team covers, it said, and has dominated incident response engagements it has received since first gaining attention through its <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/endpoint-security\/microsoft-0ktapus-cyberattackers-evolve-most-dangerous-status\" rel=\"noopener\">&#8220;oktapus&#8221; campaign<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, which targeted over 130 well-known organizations.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/microsoft-scattered-spider-widens-web-with-ransomhub-and-qilin\">Source<\/a><\/p>\n","protected":false},
  "excerpt":{"rendered":"<p>Octo Tempest, a threat actor also known as Scattered Spider,<\/p>\n","protected":false},
  "author":12,
  "featured_media":4485,
  "comment_status":"closed",
  "ping_status":"closed",
  "sticky":false,
  "template":"",
  "format":"standard",
  "meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},
  "categories":[1],
  "tags":[809],
  "class_list":["post-4484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],
  "featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=2560%2C1434&ssl=1",2560,1434,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=300%2C168&ssl=1",300,168,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=640%2C358&ssl=1",640,358,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=640%2C359&ssl=1",640,359,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=1536%2C860&ssl=1",1536,860,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=2048%2C1147&ssl=1",2048,1147,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=1024%2C574&ssl=1",1024,574,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},
  "author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},
  "category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>",
  "tag_info":"Uncategorized",
  "comment_count":"0",
  "jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/microsoft-scattered-spider-widens-web-with-ransomhub-qilin-scaled.jpg?fit=2560%2C1434&ssl=1",
  "jetpack_sharing_enabled":true,
  "_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4484"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4484\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/4485"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}
}