Scattered Spider laying new eggs
ID: 6260e9ea-a685-5bb0-bdd5-247ceba025bd
STIX ID: report--6260e9ea-a685-5bb0-bdd5-247ceba025bd
Feed Name: Sekoia.io Blog
Date Published: 2024-02-22
Date Updated: 2026-04-29
Author: Pierre-Antoine D., Quentin Bourgue, Livia Tibirna and TDR (Threat Detection & Research)
Sekoia.io’s TDR analysis profiles the financially motivated Scattered Spider intrusion set (aka UNC3944/0ktapus/Octo Tempest) and documents its shift from social-engineering access brokerage to BlackCat ransomware affiliate activity. The report details extensive phone-based social engineering (phishing, smishing, SIM swapping, MFA bypass), reconnaissance and persistence techniques, exfiltration methods (Rclone, MEGAsync, transfer.sh, cloud storage), tooling and RMM usage, targeted sectors and high-profile victims. It also provides IoCs (phishing domains and servers) and recommended monitoring.
