Scattered Spider Tactics Observed Amid Shift to US Targets
ID: 3b1907b6-4e17-5a15-9e48-029c34b56d03
STIX ID: report--3b1907b6-4e17-5a15-9e48-029c34b56d03
Feed Name: Halcyon Blog
Halcyon’s report profiles Scattered Spider, a highly capable cybercriminal group that uses sophisticated social engineering and technical methods (credential theft, ADCS abuse, signed vulnerable drivers, and legitimate remote-access tools) to rapidly exfiltrate data and deploy ransomware (DragonForce, Qilin, Akira, Play) across hybrid on-prem/cloud environments. The document maps the group’s lifecycle to MITRE ATT&CK, cites high-impact incidents, and provides detection, mitigation, and incident response recommendations.
