Defending Against CORDIAL SPIDER and SNARKY SPIDER with Falcon Shield

Since October 2025, CrowdStrike observed CORDIAL SPIDER and SNARKY SPIDER executing fast, SaaS-focused attacks that rely on vishing and adversary-in-the-middle SSO pages to capture credentials and session tokens, allowing attackers to pivot across an organization’s SaaS ecosystem with minimal endpoint footprint; the report explains the tradecraft, detection challenges, and how Falcon Shield detects anomalous sign-ins and session behavior.