Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens

The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as Scattered Spider.

Active since at least 2022, this group has been consistently refining its strategies for system compromise, data exfiltration, and identity theft.

Silent Push analysts have tracked the evolution of Scattered Spider’s tactics, techniques, and procedures (TTPs) through early 2025, uncovering significant shifts in the group’s infrastructure and deployment strategies.

In early 2025, Scattered Spider unveiled an updated version of the notorious Remote Access Trojan (RAT) known as Spectre RAT.

This malware allows for stealthy, persistent access to compromised systems, enabling threat actors to carry out data exfiltration and execute commands remotely.

A notable change was the incorporation of dynamic DNS/rented subdomains in their phishing kits, which further complicates efforts by security teams to track and shut down their operations.

Innovative Phishing and Infrastructure

Scattered Spider’s phishing campaigns have become ...