Continer 7
Threat Card Hub
Scattered Spider
85
Sophistication
2022
First Seen
90
Notoriety
77
Stealth
86
Immersive Rating
90
Impact
48
Tactics Variety
Anthropomorphic spider in a hoodie using laptop with spider logo in a dark office with cityscape outside.

Scattered Spider

English-speaking group thought to be comprised of British and American nationals. Known for high-profile breaches via social engineering. Compromised MGM Resorts in 2023, causing major outages. Uses SIM swapping and MFA fatigue to bypass security.

Key behaviours to watch:

  • Targeted spear-phishing leading to domain compromise and lateral movement.
  • Bulk exfiltration of archives via RAR compression and custom utilities (GETMAIL, MAPIGET).
  • Long dwell-time persistence with scheduled tasks, reused credentials, and stealthy C2.

Immersive coverage includes:

  • Threat Actors and Threats > APT Campaigns
  • Threat Hunting > APT29 / FIN7 analogues
  • Incident Response > Containment & Eradication
Try a Lab Now
Blog

Releated Content

Close-up of a denim jacket sleeve with a beige patch labeled C7 sewn on it.
Research
April 15, 2026

Patch Tuesday April 2026 - Critical Microsoft Security Patches

Read more
A man points ahead while holding a laptop, speaking to a woman in a dimly lit industrial setting.
Research
March 12, 2026

OpenClaw: Hunting Season is Open

Read more
Close-up of a beige knitted beanie with a rectangular C7 patch on a black background.
Research
March 11, 2026

Patch Tuesday March 2026 - Critical Microsoft Security Patches

Read more
Sort By :
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Hooded figures with glowing purple eyes at laptops labeled IT Army of Ukraine, a volunteer cyber militia.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
IT Army of Ukraine
75
2013
68
72
88
65
70
Kamacite card with robotic worm image, stats, and text about its cyberattack role in Ukraine power grid.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Kamacite
88
2013
86
83
85
81
86
Card titled Kimusky showing a winged armored horse figure and North Korean cyber espionage intel summary.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Kimusky
62
2021
88
43
86
78
66
Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Lapsus$
89
2009
92
73
85
81
87
Lazarus Group card with hooded figures, stats, and note on North Korea's hacking and cyberattacks.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Lazarus Group
95
2008
85
92
93
94
88
Cartoon man in suit and monocle raising a wine glass with sinking ship labeled LULZ in water behind.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
LulzSec
50
2011
75
38
62
72
52
Magnallium intel card with a falcon dripping oil, symbolizing Iranian energy sector cyberattacks.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
MAGNALLIUM
80
2013
56
73
79
58
74
Stylized figure representing Onyx Sleet, a North Korea-aligned group targeting defense and IT sectors.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Onyx Sleet
85
2014
80
80
84
71
77