{"id":70429,"date":"2023-10-28T10:00:26","date_gmt":"2023-10-28T15:00:26","guid":{"rendered":"https:\/\/thetacticalhermit.com\/?p=70429"},"modified":"2023-10-28T06:16:41","modified_gmt":"2023-10-28T11:16:41","slug":"cyber-crime-sim-swappers-are-working-directly-with-ransomware-gangs-now","status":"publish","type":"post","link":"https:\/\/thetacticalhermit.com\/index.php\/2023\/10\/28\/cyber-crime-sim-swappers-are-working-directly-with-ransomware-gangs-now\/","title":{"rendered":"Cyber Crime: SIM Swappers Are Working Directly with Ransomware Gangs Now"},"content":{"rendered":"<h1><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-70431 aligncenter\" src=\"https:\/\/thetacticalhermit.com\/wp-content\/uploads\/2023\/10\/cyber.jpg\" alt=\"\" width=\"617\" height=\"360\" srcset=\"https:\/\/thetacticalhermit.com\/wp-content\/uploads\/2023\/10\/cyber.jpg 617w, https:\/\/thetacticalhermit.com\/wp-content\/uploads\/2023\/10\/cyber-300x175.jpg 300w\" sizes=\"(max-width: 617px) 100vw, 617px\" \/><\/h1>\n<h1 class=\"post-hero__title\" style=\"text-align: center;\"><a href=\"https:\/\/www.404media.co\/sim-swappers-are-working-directly-with-ransomware-gangs-now\/\">SIM Swappers Are Working Directly with Ransomware Gangs Now<\/a><\/h1>\n<p>&nbsp;<\/p>\n<h2>In a highly unusual marriage in the cybercrime underground, English-speaking members of \u201cthe Comm,\u201d a wide spanning entity that includes SIM swappers and physically violent criminals, are working with the Eastern European ransomware group called ALPHV, two cybersecurity industry sources told 404 Media. 404 Media granted the sources anonymity to speak more candidly about developments in the cybercrime ecosystem. ALPHV is connected to the recent hack of MGM casinos.<\/h2>\n<h2>The unlikely bedfellows make powerful partners in crime. 
Members of the Comm can be highly adept at social engineering, using their native English language skills to take over targets\u2019 phone numbers or sweet talk their way into corporate systems. But they are also unusually audacious in their hacks, showing off their wealth or using threats of violence against targets that other, more stealthy hackers may avoid. Combine that brazenness with the highly professionalized world of Eastern European ransomware-as-a-service, and you have a new alliance that is wreaking havoc across all sorts of industries.<\/h2>\n<h2>Multiple cybersecurity firms have published research on a loosely defined entity known as \u201cScattered Spider,\u201d with\u00a0<a href=\"https:\/\/www.mandiant.com\/resources\/blog\/unc3944-sms-phishing-sim-swapping-ransomware?ref=404media.co\" target=\"_blank\" rel=\"noreferrer noopener\">researchers also using the terms \u201cUNC3944\u201d<\/a>\u00a0and \u201c0ktapus\u201d to label similar clusters of activity. On Wednesday,\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/10\/25\/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction\/?ref=404media.co\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft published its own blog post<\/a>\u00a0which laid out some of the techniques used by what the company calls \u201cOcto Tempest,\u201d which Microsoft says \u201coverlaps\u201d with research into Scattered Spider. 
Scattered Spider\u00a0<a href=\"https:\/\/www.reuters.com\/technology\/moodys-says-breach-mgm-is-credit-negative-disruption-lingers-2023-09-13\/?ref=404media.co\" target=\"_blank\" rel=\"noreferrer noopener\">has been widely reported<\/a>\u00a0as an entity involved in the hack and subsequent ransom of MGM casinos last month,\u00a0<a href=\"https:\/\/apnews.com\/article\/mgm-cyberattack-las-vegas-100-million-clorox-087726961b5366065b6231d1d223b4eb?ref=404media.co\" target=\"_blank\" rel=\"noreferrer noopener\">which led to over $100 million in damages<\/a>. The ransomware side of the operation\u2014that is, the software used to lock down MGM computers\u2014<a href=\"https:\/\/www.reuters.com\/technology\/hackers-who-breached-casino-giants-mgm-caesars-also-hit-3-other-firms-okta-says-2023-09-19\/?ref=404media.co\" target=\"_blank\" rel=\"noreferrer noopener\">was from ALPHV<\/a>, an Eastern European ransomware group.<\/h2>\n<h2><a href=\"https:\/\/www.404media.co\/sim-swappers-are-working-directly-with-ransomware-gangs-now\/\">RTWT.<\/a><\/h2>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-69974 aligncenter\" src=\"https:\/\/thetacticalhermit.com\/wp-content\/uploads\/2023\/10\/5GW.jpg\" alt=\"\" width=\"621\" height=\"528\" srcset=\"https:\/\/thetacticalhermit.com\/wp-content\/uploads\/2023\/10\/5GW.jpg 621w, https:\/\/thetacticalhermit.com\/wp-content\/uploads\/2023\/10\/5GW-300x255.jpg 300w\" sizes=\"(max-width: 621px) 100vw, 621px\" \/><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SIM Swappers Are Working Directly with Ransomware Gangs Now &nbsp; In a highly unusual marriage in the cybercrime underground, English-speaking members of \u201cthe Comm,\u201d a wide spanning entity that includes SIM swappers and physically violent criminals, are working with the Eastern European ransomware group called ALPHV, two cybersecurity industry sources told 404 Media. 
404 Media&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[5478,2805,2122,13,74,4445,5653,1317,4912,4126,883,5538,65,3712,10],"tags":[16691,16242,3084,10116,16324,16600,16690,3658,10768,9366,16142],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/70429"}],"collection":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/comments?post=70429"}],"version-history":[{"count":3,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/70429\/revisions"}],"predecessor-version":[{"id":70433,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/70429\/revisions\/70433"}],"wp:attachment":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/media?parent=70429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/categories?post=70429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/tags?post=70429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}",
"templated":true}]}}