Silent Push's report on the evolving threat of Scattered Spider reveals that the hacker group is actively targeting various services and brands in 2025, including Klaviyo, HubSpot, and Twitter/X. The group continues to utilize sophisticated phishing tactics and has introduced a new version of Spectre RAT. The analysis highlights changes in their tactics and the acquisition of previously abandoned domains to enhance their phishing campaigns. Affected: Klaviyo, HubSpot, Pure Storage, Audemars Piguet, Chick-fil-A, Credit Karma, Forbes, Instacart, Louis Vuitton, Morningstar, New York Digital Investment Group, News Corporation, Nike, Paxos, Twitter/X, Tinder, T-Mobile, Vodafone
Key points:
- Scattered Spider is an active hacker collective targeting various high-profile brands and services in 2025.
- The group utilizes multiple phishing kits, which are continually updated.
- Significant brands targeted include Nike, T-Mobile, and Twitter/X among others.
- A new version of Spectre RAT has been identified as part of their updated tactics.
- The threat group exhibits evolving behaviors, including the use of dynamically rented subdomains.
- Key infrastructure changes have been made by the group, including new preferred hosting providers.
- Scattered Spider has a history of successful phishing attacks and extortion efforts since 2022.
MITRE Techniques:
- Phishing (T1566) - Scattered Spider employs multiple variations of phishing kits to impersonate various organizations.
- Credential Dumping (T1003) - Utilizing phishing kits to exfiltrate credentials submitted by users.
- Command and Control (T1071) - Using Spectre RAT for maintaining control over compromised systems through various C2 communication protocols.
- Domain Spoofing (T1491) - The group registers domains that closely resemble legitimate brands to facilitate their phishing attempts.
- Dynamic DNS (T1071) - The use of dynamically rented subdomains complicates tracking and detection efforts by defenders.
Indicators of Compromise:
- URL klv1.it[.]com
- Domain twitter-okta[.]com
- Domain corp-hubspot[.]com
- Domain pure-okta[.]com
- Domain signin-nydig[.]com
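The domain indicators above share a naming pattern: a brand token joined by a hyphen to an identity or corporate term. The following is an added detection example, not code from the Silent Push report; the token sets are taken from the listed indicators, while the allowlist, the log format and the sample hostnames are constructed assumptions.

```python
import re

# Tokens taken from the indicators listed above; extend for your own environment.
BRANDS = {"twitter", "hubspot", "pure", "nydig"}
LURES = {"okta", "corp", "signin"}
# Assumption: domains the organisation legitimately uses (constructed list).
ALLOWLIST = {"twitter.com", "hubspot.com", "okta.com"}

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'twitter-okta[.]com' into a hostname."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()

def is_allowlisted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def lookalike_reason(host: str):
    """Return (brand, lure) if one label combines a brand token with a lure token."""
    host = refang(host)
    if is_allowlisted(host):
        return None
    for label in host.split(".")[:-1]:            # skip the TLD
        tokens = set(re.split(r"[-_]", label))
        brand, lure = tokens & BRANDS, tokens & LURES
        if brand and lure:
            return (sorted(brand)[0], sorted(lure)[0])
    return None

# Constructed DNS query log lines: "<timestamp> <client> <qname>"
SAMPLE_LOG = """\
2025-01-01T09:00:01Z 10.0.0.5 www.hubspot.com
2025-01-01T09:00:02Z 10.0.0.7 corp-hubspot.example
2025-01-01T09:00:03Z 10.0.0.7 login.okta.com
2025-01-01T09:00:04Z 10.0.0.9 signin-nydig.example
2025-01-01T09:00:05Z 10.0.0.9 pure-coffee.example
"""

def scan(log_text: str):
    """Return (client, qname, brand, lure) for every query that looks like a lure."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                              # skip malformed lines
        reason = lookalike_reason(parts[2])
        if reason:
            hits.append((parts[1], parts[2], *reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Token matching of this kind does not flag abbreviated names such as klv1.it[.]com, so exact matching against the published indicators is still needed alongside it.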
Full Story: https://www.silentpush.com/blog/scattered-spider-2025/