Please find the security advisory on the Scattered Spider social engineering attack that uses BlackCat/ALPHV ransomware. The approach obtains credentials by using phishing techniques and performs push bombing and Subscriber Identity Module (SIM) swap attacks by installing remote access tools to bypass Multi-Factor Authentication (MFA).
CISA and the FBI have collaborated to issue a cybersecurity advisory in response to the recent actions of the Scattered Spider threat actor group.
Scattered Spider ultimately used a combination of TTPs, including social engineering of help-desk employees, to target large companies holding sensitive data, including financial services such as telecommunications, business process outsourcing, hospitality, and cryptocurrency firms, for ransomware attacks.
This gang largely relies upon impersonating IT support professionals and manipulating target company employees into sharing passwords or running malicious executables through remote access software.
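A defender-side check for the push bombing mentioned above, as an added example that is not part of the advisory: it scans MFA push events for a burst of denied or ignored prompts and escalates when an approval follows the burst. The log format, the threshold of 5 failures and the 10-minute window are assumptions to be tuned to the identity provider in use.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (ISO time, user, result); not from the advisory.
SAMPLE_LOG = """\
2023-11-20T09:00:05 alice approved
2023-11-20T02:14:00 bob denied
2023-11-20T02:14:40 bob timeout
2023-11-20T02:15:10 bob denied
2023-11-20T02:15:55 bob timeout
2023-11-20T02:16:30 bob denied
2023-11-20T02:17:02 bob approved
2023-11-20T11:00:00 carol denied
2023-11-20T15:30:00 carol approved
"""

def parse(log):
    """Return (timestamp, user, result) tuples sorted by time."""
    rows = [line.split() for line in log.splitlines() if line.strip()]
    return sorted((datetime.fromisoformat(t), u, r) for t, u, r in rows)

def find_push_bombing(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users with >= threshold rejected/ignored pushes inside `window`.

    An approval that lands while the burst is still inside the window is
    reported as 'approved_after_burst', the case that needs immediate response.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent failed pushes
    alerts = {}
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(user, "burst_only")
        elif result == "approved":
            if len(q) >= threshold:
                alerts[user] = "approved_after_burst"
            q.clear()             # an approval resets the failure count
    return alerts

if __name__ == "__main__":
    print(find_push_bombing(parse(SAMPLE_LOG)))
```

An `approved_after_burst` result is the one to pair with session revocation and a credential reset, since the account password was already known to whoever triggered the prompts.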