July 16, 2024 at 09:42AM
Microsoft revealed that the Scattered Spider cybercrime gang has incorporated Qilin ransomware into its attacks, notably affecting high-profile organizations. The FBI and CISA issued an advisory on the gang’s tactics, including impersonating IT employees and using phishing and MFA bombing for network access. Qilin’s advanced Linux encryptors target VMware ESXi virtual machines, leading to double-extortion attacks with ransom demands ranging from thousands to millions of dollars.
The meeting notes provide an update on the cybercrime activities of the Scattered Spider gang and its involvement in ransomware attacks, particularly with the addition of the Qilin ransomware to its arsenal.
Microsoft has reported that the Scattered Spider gang has incorporated Qilin ransomware, along with RansomHub, into its attacks. This has been confirmed by the FBI and CISA, who issued an advisory detailing the tactics, techniques, and procedures (TTPs) Scattered Spider employs, including impersonation of IT employees, phishing, MFA bombing, and SIM swapping.
The Qilin ransomware operation, previously known as “Agenda,” surfaced in August 2022 and has targeted over 130 companies. The gang has been developing advanced and customizable Linux encryptors and engaging in double-extortion attacks, leveraging stolen data to demand ransom payments.
Qilin ransom demands have varied widely, from thousands of dollars to millions, depending on the size of the victim. Additionally, the CEO of the UK’s National Cyber Security Centre (NCSC) has linked Qilin to a ransomware attack affecting several major NHS hospitals in London.