CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries
ID: 7f5ebd9d-9d9f-5156-bfb0-a8ad52dacbe5
STIX ID: report--7f5ebd9d-9d9f-5156-bfb0-a8ad52dacbe5
Feed Name: Crowdstrike Blog
This CrowdStrike report details SCATTERED SPIDER, an eCrime adversary that uses sophisticated phone-based social engineering (help desk voice phishing and SIM swapping) to compromise Entra ID/SSO/VDI accounts. From there the adversary pivots into SaaS and cloud environments, abuses VMware vCenter/ESXi (including creating unmanaged VMs and dumping ntds.dit), exfiltrates data to attacker-controlled S3 buckets, and deploys ransomware or threatens data leaks. The report lists observed TTPs and affected sectors (insurance, retail, and recently aviation), and provides prioritized detection, correlation rules, and hardening recommendations via the CrowdStrike Falcon platform.
