Scattered Spider, The Group That Blends Digital Attacks With Real-World Violence

This report profiles Scattered Spider (aka UNC3944 / Roasted 0ktapus), a decentralized cybercrime group active since mid-2022 that specializes in social engineering (including MFA bombing and smishing), BYOVD bypasses, and use of legitimate remote-access and tunneling tools to compromise high-profile corporate targets (MGM, Caesars, Twilio, DoorDash, MailChimp, Riot Games). It describes their tactics for lateral movement and cloud/SaaS data exfiltration, notes recent arrests of alleged members, maps techniques to MITRE ATT&CK, and recommends mobile-focused defensive measures.