Scattered Spider has dominated the news in recent weeks following high-profile breaches impacting UK retailers Marks & Spencer, Co-op, and Harrods. 

Along with the current attacks on UK retail, they have a long list of historical victims, including MGM Resorts, Caesars, Transport for London, and links to the campaign against Snowflake customers last year.

Scattered Spider are known for their use of identity-based techniques, specialising in account takeover through stolen credentials, phishing, and advanced social engineering such as help desk scams. After compromising identity infrastructure, they pivot to server environments on-premises and in the cloud and deploy ransomware for financial gain. 

In 2025, security researchers have identified a significant increase in Scattered Spider’s use of MFA-bypassing AiTM phishing kits, with a host of (increasingly widespread) detection evasion methods. 

Join Luke Jennings, VP R&D, as he:

Fill out the form to get access to the webinar and watch on-demand!