Hacking collective Scattered Spider has updated its attack toolkit to include the Qilin and RansomHub ransomware payloads, which have been used in its intrusions since the second quarter, according to BleepingComputer.
After compromising Microsoft, AT&T, Twitter, and over 130 other organizations as part of the widespread 0ktapus campaign shortly after its emergence in early 2022, Scattered Spider — also known as UNC3944 and Octo Tempest — engaged in more extensive account takeover attacks until early last year before transitioning to full-fledged ransomware attacks as an affiliate of the BlackCat ransomware gang in the middle of 2023, reported Microsoft. More than 130 organizations have also been compromised by the Qilin ransomware gang since surfacing in August 2022, with the group ramping up intrusions since its development of a sophisticated VMware ESXi virtual machine-targeting Linux encryptor. UK pathology services provider Synnovis was one of the most recent victims of Qilin's debilitating attacks, which resulted in the massive disruption of medical services across London.