DEEP RESEARCH: Who’s Most Likely to Abuse MCP Integrations? #UNC3944, #TraderTraitor, #UNC6293 ?
MCP-era risk isn’t exploits—it’s authorized tool/integration abuse (OAuth consent, device codes, app passwords). We ranked who’s best positioned..
#AlphaHunt #OAuth #MCP
A Peek Into Muddled Libra’s Operational Playbook
Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attack...
#Cybercrime #Threat #Actor #Groups #Muddled […]
[Original post on unit42.paloaltonetworks.com]
OAuth tokens > firewalls. #UNC6395 loots #CRM via hijacked tokens; #UNC3944 vishes help desks then jumps to hypervisors. Audit scopes. Lock resets with phishing-resistant MFA. Read👇
blog.alphahunt.io/saas-data-th...
#AlphaHunt #CyberSecurity #SaaS #OAuth
UNC3944 exploits VMware vSphere and Azure, using social engineering and advanced tactics to infiltrate virtual infrastructures. Strengthen defenses to protect against these evolving threats. #CyberSecurity #UNC3944 #VMware #Azure Link: thedailytechfeed.com/unc3944s-adv...
~Mandiant~
UNC3944 uses social engineering against IT help desks to gain vSphere access and deploy ransomware directly from the hypervisor.
-
IOCs: c2. attacker. net
-
#ThreatIntel #UNC3944 #vSphere
🚨 Groups like #UNC3944 (aka Scattered Spider) are using voice phishing & help desk spoofing to target U.S. retailers.
#RHISAC’s Pam Lindemoen shares with @cybersecuritydive.bsky.social how collaboration with Google Cloud is helping members stay ahead.
🔗 www.cybersecuritydive.com/news/threat-...
United Natural Foods (UNFI) had to switch off systems after a cyberattack, crippling its operations. This is a huge deal, because #UNFI is a big part of the grocery distribution network.
Once again, it looks like the work of #UNC3944, a/k/a #ScatteredSpider. In #SBBlogwatch, we hoard canned goods.
🚨 Threat groups like #UNC3944 (aka Scattered Spider) are using voice phishing & help desk spoofing to target U.S. retailers.
#RHISAC’s Pam Lindemoen shares with Cyber Security Dive how collaboration with Google Cloud is helping members stay ahead.
🔗 www.cybersecuritydive.com/news/threat-...
~Mandiant~
Threat actors use vishing to impersonate IT, reset MFA/credentials, and exfiltrate data.
-
IOCs: UNC3944, UNC6040
-
#SocialEngineering #ThreatIntel #UNC3944 #Vishing
~Varonis~
Scattered Spider (UNC3944) targets large orgs via social engineering for ransomware & data extortion.
-
IOCs: DragonForce Ransomware, Mimikatz
-
#Ransomware #ScatteredSpider #ThreatIntel #UNC3944
🚨 #UNC3944 is back. Join #RH-ISAC & Google on May 23 at 10 AM ET for a member-only webinar on how to harden your defenses against #ScatteredSpider.
💡 Learn evolving tactics, response best practices & sector-specific strategies.
🔒 Register: rhisac.org/event/proact...
Google Warns UK Retailer Hackers Now Targeting US
Google says the hacking group behind the recent...
www.securityweek.com/google-warns-uk-retailer...
#Ransomware #DragonForce #ransomware #retail #Scattered #Spider #UNC3944 #US
Google’s Mandiant threat intelligence team issued this dire warning yesterday. The scrotes appear to be #UNC3944, a/k/a #ScatteredSpider, a casual confederacy of criminals wielding #DragonForce #ransomware.
“Shields up,” quipped Mandiant’s chief analyst. In #SBBlogwatch, we hail the Kobayashi Maru:
~Mandiant~
Hardening guidance against UNC3944 (Scattered Spider), a threat actor known for social engineering, ransomware, and data theft.
-
IOCs: DragonForce, RansomHub
-
#ScatteredSpider #SocialEngineering #ThreatIntel #UNC3944