← Back to Pulse Feed
PULSE DETAIL
Scattered Spider, a notorious hacking collective, continues to actively target victims in 2025. The group has expanded its focus to include services like Klaviyo, HubSpot, and Pure Storage, while targeting high-profile brands such as Audemars Piguet, Chick-fil-A, and Twitter/X. Silent Push researchers have identified five unique phishing kits used by Scattered Spider since 2023, with some undergoing updates. A new version of Spectre RAT has been discovered, along with the acquisition of a domain previously owned by Twitter/X. Despite arrests of several members in 2024, Scattered Spider has adapted its tactics, including the use of dynamic DNS providers and updated phishing kits. The group continues to employ sophisticated social engineering attacks to obtain credentials and multi-factor authentication tokens.
MITRE ATT&CK & Malware Families
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | 7-eleven-hr.com | — | 2025-04-09 | |
| domain | activecampiagn.net | — | 2025-04-09 | |
| domain | acwa-apple.com | — | 2025-04-09 | |
| domain | asurion-idp.com | — | 2025-04-09 | |
| domain | bbtplus.com | — | 2025-04-09 | |
| domain | bell-hr.com | — | 2025-04-09 | |
| domain | bestbuy-cdn.com | — | 2025-04-09 | |
| domain | birdsso.com | — | 2025-04-09 | |
| domain | citrix-okta.com | — | 2025-04-09 | |
| domain | commonspiritcorp-okta.com | — | 2025-04-09 | |
| domain | consensys-okta.com | — | 2025-04-09 | |
| domain | corp-asurion.com | — | 2025-04-09 | |
| domain | corp-azure.com | — | 2025-04-09 | |
| domain | corp-foundever.net | — | 2025-04-09 | |
| domain | corp-hubspot.com | — | 2025-04-09 | |
| domain | corporatetools-okta.com | — | 2025-04-09 | |
| domain | cts-comcast.com | — | 2025-04-09 | |
| domain | dashboard-iterable.com | — | 2025-04-09 | |
| domain | docusign-okta.com | — | 2025-04-09 | |
| domain | doordash-support.com | — | 2025-04-09 | |
| domain | duelbits-cdn.com | — | 2025-04-09 | |
| domain | freshworks-hr.com | — | 2025-04-09 | |
| domain | gemini-sso.com | — | 2025-04-09 | |
| domain | globaldata-cloud.com | — | 2025-04-09 | |
| domain | gucci-cdn.com | — | 2025-04-09 | |
| domain | hr-myccmortgage.com | — | 2025-04-09 | |
| domain | hr-synovus.com | — | 2025-04-09 | |
| domain | itbit-okta.com | — | 2025-04-09 | |
| domain | iyft.net | — | 2025-04-09 | |
| domain | klaviyo-hr.com | — | 2025-04-09 | |
| domain | klv1.io | — | 2025-04-09 | |
| domain | morningstar-okta.com | — | 2025-04-09 | |
| domain | mytsl.net | — | 2025-04-09 | |
| domain | okta-louisvuitton.com | — | 2025-04-09 | |
| domain | okta-onsolve.com | — | 2025-04-09 | |
| domain | okta-ripple.com | — | 2025-04-09 | |
| domain | okta-ziffdavis.com | — | 2025-04-09 | |
| domain | onsolve-okta.com | — | 2025-04-09 | |
| domain | paxos-my-salesforce.com | — | 2025-04-09 | |
| domain | pfchangs-support.com | — | 2025-04-09 | |
| domain | prntsrc.net | — | 2025-04-09 | |
| domain | pure-okta.com | — | 2025-04-09 | |
| domain | signin-nydig.com | — | 2025-04-09 | |
| domain | simpletexting-cdn.com | — | 2025-04-09 | |
| domain | squarespacehr.com | — | 2025-04-09 | |
| domain | sso-instacart.com | — | 2025-04-09 | |
| domain | sts-vodafone.com | — | 2025-04-09 | |
| domain | sytemstern.net | — | 2025-04-09 | |
| domain | telnyx-cdn.com | — | 2025-04-09 | |
| domain | tmobile-okta.com | — | 2025-04-09 | |
| domain | twitter-okta.com | — | 2025-04-09 | |
| domain | x-sso.com | — | 2025-04-09 | |
| domain | xn--gryscale-ox0d.com | — | 2025-04-09 | |
| hostname | login.freshworks-hr.com | — | 2025-04-09 | |
| hostname | login.hr-intercom.com | — | 2025-04-09 |
References (1)