Close Menu
TechurzTechurz
    What's Hot

    Startup Battlefield Australia application closes in days: Apply before July 6

    June 30, 2026

    Acti puts AI agents directly into your smartphone keyboard

    June 30, 2026

    The DeepMind trio who built a poker AI are now making money for quant hedge funds

    June 30, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    • The DeepMind trio who built a poker AI are now making money for quant hedge funds
    • Nvidia competitor Etched hits $5B valuation, $1B in sales for AI chip
    • Clicks shows off its BlackBerry-inspired phone in a new hands-on video
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
    Cyber Reality

    Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims

    TechurzBy TechurzSeptember 17, 2025Updated:May 10, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Sep 17, 2025Ravie LakshmananThreat Intelligence / Cybercrime

    Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.”

    Threat intelligence firm ReliaQuest said it has observed indications that the threat actor has shifted their focus to the financial sector. This is supported by an increase in lookalike domains potentially linked to the group that are geared towards the industry vertical, as well as a recently identified targeted intrusion against an unnamed U.S. banking organization.

    “Scattered Spider gained initial access by socially engineering an executive’s account and resetting their password via Azure Active Directory Self-Service Password Management,” the company said.

    “From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network.”

    To achieve privilege escalation, the attackers reset a Veeam service account password, assigned Azure Global Administrator permissions, and relocated virtual machines to evade detection. There are also signs that Scattered Spider attempted to exfiltrate data from Snowflake, Amazon Web Services (AWS), and other repositories.

    Exit or Smokescreen?

    The recent activity undercuts the group’s claims that they were ceasing operations alongside 14 other criminal groups, such as LAPSUS$. Scattered Spider is the moniker assigned to a loose-knit hacking collective that’s part of a broader online entity called The Com.

    The group also shares a high degree of overlap with other cybercrime crews like ShinyHunters and LAPSUS$, so much so that the three clusters formed an overarching entity named “scattered LAPSUS$ hunters.”

    One of these clusters, notably ShinyHunters, has also engaged in extortion efforts after exfiltrating sensitive data from victims’ Salesforce instances. In these cases, the activity took place months after the targets were compromised by another financially motivated hacking group tracked by Google-owned Mandiant as UNC6040.

    The incident is a reminder not to be lulled into a false sense of security, ReliaQuest added, urging organizations to stay vigilant against the threat. As in the case of ransomware groups, there is no such thing as retirement, as it’s very much possible for them to regroup or rebrand under a different alias in the future.

    “The recent claim that Scattered Spider is retiring should be taken with a significant degree of skepticism,” Karl Sigler, security research manager of SpiderLabs Threat Intelligence at Trustwave, said. “Rather than a true disbanding, this announcement likely signals a strategic move to distance the group from increasing law enforcement pressure.”

    Sigler also pointed out that the farewell letter should be viewed as a strategic retreat, allowing the group to reassess its practices, refine its tradecraft, and evade ongoing efforts to put a lid on its activities, not to mention complicate attribution efforts by making it harder to tie future incidents to the same core actors.

    “It’s plausible that something within the group’s operational infrastructure has been compromised. Whether through a breached system, an exposed communication channel, or the arrest of lower-tier affiliates, something has likely triggered the group to go dark, at least temporarily. Historically, when cybercriminal groups face heightened scrutiny or suffer internal disruption, they often ‘retire’ in name only, opting instead to pause, regroup, and eventually re-emerge under a new identity.”

    attacks claims Financial Resurfaces Retirement Scattered Sector Spider
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous Article5 steps for deploying agentic AI red teaming
    Next Article Vaccines Are A Hard Business. RFK Jr.’s CDC Is Making It Even Harder
    Techurz
    • Website

    Related Posts

    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Cyber Reality

    Neural Data Policy: 7 Risks That Brain Privacy Laws Miss

    May 25, 2026
    Cyber Reality

    How AI Changing Cyber Crime: 7 Critical Shifts to Watch

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.