Scattered Spider Targets Aflac, Other Insurance Companies – Source: securityboulevard.com

Source: securityboulevard.com – Author: Jeffrey Burt

Fresh off a series of recent attacks targeting major retail companies in the United States and the UK, the notorious Scattered Spider cybercrime group is now targeting insurance companies and earlier this month apparently bagged a high-profile victim in Aflac.

The intrusion at Aflac, which was detected June 12 when the insurance company’s security team identified suspicious activity on its network in the United States, was stopped within hours and no ransomware was found in its systems, the company said in a public statement and a filing with the U.S. Securities and Exchange Commission (SEC) eight days later.

“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” the company said in its statement. “This was part of a cybercrime campaign against the insurance industry.”

John Hultquist, chief analyst at Google’s Threat Intelligence Group, wrote in a statement to news organizations June 16 that the unit knew of “multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry. Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers.”

Aflac Not the Only Insurance Victim

At least two other insurance companies in the United States – Philadelphia Insurance Companies and Erie Insurance, also of Pennsylvania – earlier this month announced cyber incidents that disrupted services. Though they didn’t attribute the attacks – June 7 for Erie and June 9 for Philadelphia Insurance – to Scattered Spider, both said in public statements and SEC filings that they detected unusual network activity and responded by shutting down the networks.

“The network shutdown broadly impacted all Company systems, including email, phone, and online applications,” Philadelphia Insurance wrote in a FAQ page. “The network shutdown was necessary to contain the threat and protect Company systems and data. We are still conducting a comprehensive forensic investigation.”

In Aflac’s case, the Georgia-based company said it remained operational and that ransomware wasn’t involved in the incident. The threat actor used social engineering tactics to get access into Aflac’s network, company executives wrote, adding that it appears some information was stolen.

The company won’t know how much data was taken or how many people were affected until a fuller investigation is completed, but the files stolen contain such information as claims data, health information, Social Security numbers, and other personal information that relate to customers, beneficiaries, employees, agents, and others in Aflac’s U.S. business.

A Shift by the Gang From Retailers

This comes a month after U.S. and UK retailers were attacked by Scattered Spider, a threat group that has been around since 2022 and has a reputation for attacking companies in one industry before moving on to a new one. Among the victims in England were Marks & Spencer, the Co-Op, and Harrods. In late May, lingerie retailer Victoria’s Secret said it was the victim of a “security incident” that forced it to shut down its U.S. website.

Other high-profile Scattered Spider targets over the past three years include U.S. cloud communications company Twilio in 2022 and MGM and Caesars Entertainment gaming operations a year later. Despite the arrest in 2024 of seven people believed to be part of Scattered Spider – which also is known as UNC3944, Star Fraud, and Octo Tempest and is thought to be part of a larger hacking group known as The Com or The Community – the bad actor continues its aggressive strategy, according to threat analysts with security firm Silent Push.

Additional companies targeted this year include Chick-fil-A, HubSpot, Forbes, X (formerly Twitter), and T-Mobile, the Silent Push analysts wrote in a report in April.

A Busy 2025 is Underway

“Silent Push has determined the evolving threat Scattered Spider is still actively hunting for victims,” they wrote, adding that the vendor has identified the group’s infrastructure and tactics, techniques, and procedures (TTPs) and developed ways to protect against it. “Changes to deployments and phishing kits in early 2025, however, suggest Scattered Spider is turning the page on some past decisions.”

This includes a new version of the Spectre RAT (remote access trojan) to gain persistent access to compromised systems and a boomerang domain ownership between the threat actor and X.

Regarding the attack on Aflac, both Kumar Saurabh, founder and CEO of managed detection and response company AirMDR, and Ted Miracco, CEO of cybersecurity firm Approov, commended the insurance company’s quick response to the threat when it was detected. Miracco called the response and transparency “both commendable and somewhat atypical.”

Social Engineering and Agentic AI

“The use of social engineering to gain network access is part of a growing trend we’re seeing across the insurance and broader financial services sector,” he said. “These attacks are often aided by agentic AI, as attackers are targeting the human element, at scale, to bypass perimeter defenses and exfiltrate sensitive data such as health records and social security numbers. This reinforces the urgent need for a layered security approach. … As cybercriminals evolve their tactics, companies will adopt dynamic defenses that protect both infrastructure and the entire app-to-API ecosystem. Aflac’s case should be a wake-up call to revisit how we defend customer data.”

Keep an Eye on Scattered Spider

Google Threat Intelligence Group’s Hultquist wrote that the growing conflict in the Middle East is turning a lot of attention to the cyber capabilities of Iran. However, the threat of Scattered Spider should not be overlooked.

“The anticipated threat of Iranian cyber capability to US organizations has been the focus of many discussions lately, but these actors are already targeting critical infrastructure,” he wrote. “We expect more high-profile incidents in the near term as they move from sector to sector.”

Original Post URL: https://securityboulevard.com/2025/06/scattered-spider-targets-aflac-other-insurance-companies/?utm_source=rss&utm_medium=rss&utm_campaign=scattered-spider-targets-aflac-other-insurance-companies

Category & Tags: Cloud Security,Cybersecurity,Data Privacy,Data Security,Featured,Identity & Access,Industry Spotlight,Mobile Security,Network Security,News,Security Awareness,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Social Engineering,Spotlight,Threat Intelligence,cyberattacks,Insurance Industry,Remote Access Trojan (RAT),scattered spider
