Cross-Sector Mitigations: Scattered Spider

Scattered Spider is a financially motivated group of young and independent threat actors known for highly effective social engineering techniques. Using credential theft to gain entry to target networks, Scattered Spider monetizes its attacks through data theft, extortion, or affiliate ransomware operations.

In response to concerns that the group poses a significant risk to organizations, members of the National Council of ISACs – including the Financial Services, Information Technology, Food and Agriculture, Health, Aviation, Automotive, Retail and Hospitality, and Maritime Transportation System ISACs – shared their expertise to produce this guidance.

Their analysis details Scattered Spider’s observed activity and tradecraft as of May 2025, providing:

• Background on Scattered Spider so that firms can better scope their threat surface
• Technical procedures and cultural practices to thwart Scattered Spider attacks
• Analysis of ISAC and FBI intelligence, and corresponding MITRE ATT&CK® mitigations

The measures recommended in the document incorporate the baseline necessities of FS-ISAC’s cyber fundamentals, keyed to Scattered Spider tactics, techniques, and procedures based on known threats. These mitigations have proven effective against Scattered Spider and similar threat actors, according to expert assessment of intelligence.

The collaboration of the NCI and nine ISACs to produce this guidance underscores the impact of sharing information in a cross-sector threat environment.