Notorious Criminal Syndicate Expands Targets: Now Threatens U.S. Insurance Companies Following Successful Raids on Retail Outlets
Step Outta the Shops, Scattered Spider Now Tormenting the Insurance Biz!
Scattered Spider cyber-scoundrels bid adieu to retail rampage, eying insurance firms
Gear up, folks! The infamous Scattered Spider cybercrime syndicate seems to have shifted its focus from high-end retailers to the insurance industry, according to cybersecurity experts.
Google Threat Intelligence Group (GTIG) researchers have allegedly spotted numerous attacks and are warning organizations to brace for potential threats. John Hultquist, GTIG's chief analyst, highlighted the situation in an email to our trusted platform Pro.
"Google Threat Intelligence Group has identified multiple intrusions in the US, showcasing unmistakable traces of Scattered Spider's nefarious activities. The insurance industry is most recently in their sights," Hultquist shared.
Cybercriminals Unite!
Scattered Spider is infamous for its membership within the larger hacking community known as "the Com," notorious for zeroing in on a single industry at a time.
In their recent spree, they've targeted high-end retailers, particularly in the UK, focusing on big names such as Harrods, M&S, and the Co-op. They've also targeted U.S. corporations using social engineering, SIM-swapping, and ransomware.
"Given this actor's tradition of honing in on a sector, the insurance sector needs to stay alert, especially for social engineering schemes aimed at help desks and call centers," Hultquist emphasized.
Google hasn't disclosed the identity of the victims, but The Register reports that two U.S.-based companies — Erie Insurance and Philadelphia Insurance Company — have recently experienced a cyberattack, though neither confirmed Scattered Spider as the perpetrator.
Call Me maybe?
The cunning crooks usually initiate their attacks with false helpdesk calls, tricking victims into providing access to their devices, which then gets utilized to deploy the DragonForce ransomware encryptor.
While defending against ransomware attacks isn't a walk in the park, increasing employee awareness about phishing and social engineering is a crucial step. After all, most attacks target humans, not systems.
Via The Register
Bonus Reads
- This Wiper Malware has data destruction on LOCKDOWN
- Discover the Top-tier Authenticator Apps
- Check out our round-up of the Finest Password Managers
[1] Enrichment: Erie Indemnity, a Pennsylvania-based insurance company, was one of the first insurance companies targeted by Scattered Spider after the gang shifted its focus from the retail sector to the insurance industry. The ransomware attack on Erie Indemnity, announced on June 8, 2025, had a significant impact on the company's operations, causing disruptions in online payments, email access, and other customer services. This potentially affected around 7 million policyholders and over 13,000 insurance agents and staff.
In light of the shift in focus from retail to insurance firms, cybersecurity experts are advising organizations in the insurance sector to be prepared for potential cyber threats from Scattered Spider. Google Threat Intelligence Group (GTIG) has reported multiple intrusions, with John Hultquist, GTIG's chief analyst, stating that the insurance industry is currently in their crosshairs. Further, it was reported that Erie Indemnity, a Pennsylvania-based insurance company, was one of the first targeted after Scattered Spider moved away from the retail sector, causing significant disruptions affecting over 7 million policyholders and thousands of agents and staff. Technology and general-news outlets are covering this ongoing crime-and-justice development.
