  • Sophistication: 85
  • First Seen: 2022
  • Notoriety: 90
  • Stealth: 77
  • Immersive Rating: 86
  • Impact: 90
  • Tactics Variety: 48
Anthropomorphic spider in a hoodie using laptop with spider logo in a dark office with cityscape outside.

Scattered Spider

English-speaking group thought to be composed of British and American nationals. Known for high-profile breaches via social engineering. Compromised MGM Resorts in 2023, causing major outages. Uses SIM swapping and MFA fatigue to bypass security.

Key behaviours to watch:

  • Targeted spear-phishing leading to domain compromise and lateral movement.
  • Bulk exfiltration of archives via RAR compression and custom utilities (GETMAIL, MAPIGET).
  • Long dwell-time persistence with scheduled tasks, reused credentials, and stealthy C2.

Immersive coverage includes:

  • Threat Actors and Threats > APT Campaigns
  • Threat Hunting > APT29 / FIN7 analogues
  • Incident Response > Containment & Eradication
Dark Caracal intelligence card with cat in hat and trench coat holding a USB, describing a Lebanese APT group.
Dark Caracal
68
2020
54
57
65
71
52
DarkSide ransomware group with horned black-armored figures under red swirling sky, known for 2021 Colonial Pipeline attack.
DarkSide
92
2007
90
86
88
87
84
Digital card titled Dark Storm showing a figure under a glowing purple storm cloud with blue lightning.
Dark Storm
80
2020
75
76
78
85
70
Stylized bear in a suit, top hat, and monocle holding a cane and glass, labeled Fancy Bear cyber unit.
Fancy Bear
71
2017
63
64
68
65
65
FIN7 character with spider head in suit extending hand, stats on right, and intel about cybercrime group below.
FIN7
85
2021
81
75
89
91
80
Fox Kitten intel card shows a hooded feline figure with cyber elements, plus stats and APT description.
Fox Kitten
53
2022
47
49
59
61
61
Hafnium: Chinese group behind 2021 Microsoft Exchange exploits allowing stealthy mass email access.
HAFNIUM
70
2022
69
62
73
76
60
Card for Indian Cyber Force showing a hooded figure, group stats, and description of nationalist hacktivist actions.
Indian Cyber Force
80
2013
73
72
72
85
75