Scattered Spider

Also known as: UNC3944, Octo Tempest, Star Fraud, 0ktapus

Overview

English-speaking group specializing in social engineering against enterprises. Evolved from SIM swapping to sophisticated ransomware operations. Responsible for MGM Resorts and Caesars breaches.

MITRE ATT&CK Coverage

Recon

Res Dev

Init Access

Execution

Persistence

Priv Esc

Def Evasion

Cred Access

Discovery

Lat Move

Collection

Exfil

Impact

2 of 14 tactics observed

Raw TTPs

Social EngineeringSIM SwappingMFA FatigueHelp Desk ManipulationIdentity Provider Abuse

Related Intelligence (3)

CRITICALData BreachExploited

Scattered Spider Breaches Major US Health Insurer — 8.2M Records Exposed

Scattered Spider breaches top-5 US health insurer via help desk social engineering. 8.2M member records including PHI exfiltrated.

Okta

6d agoHHS / FBI Joint Advisory

HIGHPhishingExploited

Scattered Spider Uses AI Voice Cloning to Bypass Voice-Based MFA

Scattered Spider adopts AI voice cloning to defeat voice verification MFA at financial institutions. Three banks confirm successful bypass.

Voice MFA Systems

Mar 16, 2026FS-ISAC

LOWApt

Scattered Spider Member Arrested in Spain — FBI Unseals Indictment

FBI and Spanish police arrest alleged Scattered Spider member linked to MGM, Caesars, and healthcare breaches. Indictment details $100M+ in damages.

N/A

Mar 3, 2026FBI / Europol

Command Palette