Cybersecurity firm CrowdStrike warns that Cordial Spider and Snarky Spider, affiliates of The Com and linked to Scattered Spider, are using voice‑phishing and social engineering to compromise identity platforms and rapidly exfiltrate data across victims’ SaaS environments. The financially motivated groups target U.S. organizations in multiple critical sectors, hijack MFA, use residential proxies to evade detection, and pursue data‑for‑extortion campaigns with follow‑on harassment like DDoS and swatting. #CordialSpider #SnarkySpider
Keypoints
- Cordial Spider and Snarky Spider use voice‑phishing and social engineering to breach identity platforms.
- They move laterally through SaaS ecosystems to steal data for extortion.
- The groups primarily target U.S. organizations across academia, aviation, retail, hospitality, automotive, finance, legal, and tech.
- Attackers hijack MFA, delete alerts, and use residential proxy networks to evade IP‑based detection.
- They are affiliated with The Com and related to Scattered Spider but exhibit distinct tactics, extortion sites, and harassment follow‑ups such as DDoS and swatting.
Read More: https://cyberscoop.com/crowdstrike-cordial-spider-snarky-spider-extortion-attacks/