Scattered Spider Targets Tech Companies for Help-Desk Exploitation

**Executive summary:** ReliaQuest's analysis outlines Scattered Spider's transition from SIM‑swapping to highly targeted social‑engineering and phishing operations (including Evilginx) that impersonate technology vendors and MSPs to steal high‑value credentials, bypass MFA, and enable ransomware deployments via partnerships with operators like ALPHV and DragonForce; the report provides domain/ASN/registrar IOCs, observed keyword and hosting patterns, examples of tactics (vishing, help‑desk impersonation), and prioritized defensive actions.