Summary: On Tuesday, CISA, the FBI, and several other federal and international partners released an updated joint Cybersecurity Advisory (CSA) on Scattered Spider—a cyber threat group targeting commercial facilities sectors and subsectors. The update to this advisory provides updated tactics, techniques, and procedures (TTPs) obtained through FBI investigations conducted through June 2025.
Analyst Note: While Scattered Spider is focused on financial services, they are also known to conduct attacks across many different critical infrastructure sectors including energy and government facilities. They are known for sophisticated social engineering attacks and espionage activities. The FBI and CISA encourage critical infrastructure organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of a cyber attack by Scattered Spider threat actors.
In November 2023, FS-ISAC developed a useful mitigation guide for defending against Scattered Spider and BlackCat Ransomware. This guide can prove very useful when combined with the new TTPs provided in the updated CSA.
Original Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
Mitigation Recommendations:
Related WaterISAC PIRs: 6, 6.1, 7, 7.1, 10, 12
