219/68 Wednesday, June 18, 2025
Cyber threat analysts from Google’s Threat Intelligence Group (GTIG) have warned that the hacker group Scattered Spider has shifted its focus to targeting insurance companies in the United States. The group is employing tactics previously seen in attacks on the retail sector in both the U.K. and the U.S. According to John Hultquist, Head of Threat Analysis at GTIG, the latest attacks exhibit all the hallmarks associated with Scattered Spider, and he cautions the insurance industry to remain especially vigilant, as the group tends to concentrate on one sector at a time.
Scattered Spider — also known as 0ktapus or UNC3944 — is known for using advanced social engineering techniques to bypass high-level security systems. Their methods often include phishing, SIM-swapping, and MFA fatigue to gain unauthorized access to networks. In the final stage of attacks, the group has been observed deploying ransomware such as RansomHub and DragonForce. Experts recommend organizations strengthen identity management practices, and train employees to recognize social engineering threats via SMS, phone calls, or chat platforms, which may involve intimidation tactics to manipulate victims.
The U.K.’s National Cyber Security Centre (NCSC) has also issued guidance in light of similar attacks targeting major retailers like Marks & Spencer and Harrods. Their recommendations include enabling multi-factor authentication (MFA), monitoring for unusual login attempts, and reviewing password reset procedures — especially for privileged admin accounts. Organizations are also advised to watch for logins from suspicious VPNs to detect early signs of compromise.
