Scattered Spider, North Korean Fraudulent Remote Work Schemes, Wagemole
Threat Content Highlights
- The FBI announced that it recently observed the Scattered Spider financially motivated group “expanding its targeting” to the airline sector.
- Security researchers indicate that the group is known to target particular sectors “for a few weeks at a time” before shifting to others.
- We have extended the ATT&CK Group object with numerous Technique, Software, and Campaign relationships, and we updated our “Scattered Spider Ecosystem” Threat Profile in early June to reflect the group’s latest reported behaviors.
- The U.S. Department of Justice announced arrests and seizures targeting North Korean workers suspected of fraudulently gaining employment with U.S. companies as remote IT workers, in order to generate illicit revenue for their country’s regime.
- The actions are positive news, but they also underscore the concerning scale of recent North Korean fraudulent remote work schemes.
- The Wagemole Campaign object in the Tidal Cyber knowledge base includes Techniques linked to these types of schemes, including in-depth reconnaissance activity and AI-supported impersonation attempts.