Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains


In mid-2025, the Scattered Spider group intensified its attacks, using SMS phishing, social engineering, and hybrid on-prem/cloud intrusions aimed at financial extortion. They gain access via impersonation, deploy tools like Mimikatz, and use persistent ADFS backdoors and ransomware on VMware ESX. Microsoft flagged their evolving TTPs and mapped detection across Defender XDR.
