Scattered Spider Targets Snowflake Data in Sophisticated Social Engineering Attacks
Scattered Spider, a cybercriminal group notorious for its disruptive campaigns, is now focusing on victims’ Snowflake data storage environments, exploiting impersonation of IT help desks to gain initial access. According to a joint advisory from U.S., U.K., Canadian, and Australian agencies, the group uses spearphishing, vishing, and remote access tools like AnyDesk to bypass security controls, conduct reconnaissance, and exfiltrate massive volumes of data. Some attacks have involved DragonForce ransomware to further monetize access. Despite recent arrests in the U.K., security experts warn that Scattered Spider’s tactics remain active and highly effective.
The advisory highlights the group’s layered social engineering techniques, including phishing sites spoofing single sign‑on pages, use of stolen or purchased credentials, and open‑source intelligence gathering to identify high‑value targets. Industries from retail and insurance to airlines continue to feel the fallout of recent attacks, with incidents such as Victoria’s Secret suffering operational shutdowns and Hawaiian Airlines rushing to ensure traveller safety. Authorities urge organizations to strengthen monitoring for suspicious account activity and risky logins to defend against these increasingly sophisticated intrusions.
#Cybersecurity #ScatteredSpider #Snowflake #DataExfiltration #SocialEngineering #Phishing #Vishing #DragonForce #Ransomware #AnyDesk #InfoSec #CyberThreats #EnterpriseSecurity #DigitalRisk #AccountTakeover #RemoteAccess #ThreatIntelligence #FBI #Mandiant #DataBreach #RetailSecurity #AirlineSecurity #InsuranceSecurity #CyberResilience #NetworkDefense #Malware #ITHelpDesk #CredentialTheft #CyberAttack #GlobalSecurity
