In this blog series we spotlight one of the stories from our cybersecurity newsletter, Beacon.
Scattered Spider, notorious for its recent high-profile attacks on U.K. and U.S. retailers, has pivoted to target American insurance companies, according to intelligence from Google’s Threat Intelligence Group.
Google tracks the financially motivated group as UNC3944 and has previously linked it to a string of ransomware attacks against British retailers and supermarket chains earlier this year. Now, the same tactics are appearing within the U.S. insurance industry.
“Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” John Hultquist, chief analyst at Google Threat Intelligence Group, said in an email.
“Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,” Hultquist added.
Known for its sector-focused campaigns, Scattered Spider often uses social engineering techniques, including help desk impersonation and SIM swapping, to gain access to corporate systems.
At least one organization has already reported a serious incident. Erie Insurance, a Fortune 500 firm based in Pennsylvania, disclosed “unusual activity” on its network, discovered on June 7th. The business activated its incident response plan and took systems offline to mitigate the situation.
“Upon learning of this activity, the company activated its incident response protocols and took immediate action to respond to the situation to safeguard our systems,” the company said in a June 11 regulatory filing.
The organization has not attributed the attack to Scattered Spider or any other group. It confirmed its online systems remain offline, preventing customers from accessing accounts and digital services. Erie has advised customers to stay vigilant and avoid clicking unknown links or sharing personal information via email or phone.