| The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released this Joint Cybersecurity Advisory in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. |
| Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their usual TTPs. |
| The FBI and CISA encourage critical infrastructure organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of a cyberattack by Scattered Spider actors. |