![\"Federal](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/08\/1754054230_221_960x0.jpg\")
<\/p>\n<\/p>\n
FBI updates Scattered Spider warning \u2014 do not reset your password.<\/p>\n
SOPA Images\/LightRocket via Getty Images<\/p>\n
Update, August 2, 2025: This story, originally published on July 31, has been updated with the latest news concerning the Scattered Spider involvement, or not, in recent ransomware attacks, as well as another warning from the FBI regarding a new cyberattack. Do not reset your passwords, the FBI said, and now has added advice not to get caught in a code-scanning hacker campaign.<\/p>\n
Scattered Spider<\/a> is the somewhat too cutesy name applied to one of the most dangerous threats facing organizations today. The ransomware threat actors, thought to behind devastating attacks on retail<\/a> and aviation<\/a> targets, among others, show no signs of going away. That said, it has now been reported that the group might not be the ones responsible for many of the attacks after all. More on that shortly, but for now, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have now updated a joint cybersecurity advisory with a critical new warning: don\u2019t reset your passwords. Here\u2019s what you need to know about the latest FBI warning and the ongoing Scattered Spider threat, and that posed by other dangerous ransomware groups.<\/p>\n ForbesNew VPN Attack Warning \u2014 What You Need To KnowBy Davey Winder<\/a><\/p>\n The FBI Password Reset Warning \u2014 Why It Makes Sense<\/p>\n At first glance, being told not to reset your password in the face of an attack that compromises passwords appears somewhat counterintuitive, to say the least. After all, Google has been advising Gmail users to change their passwords<\/a>, along with other cybersecurity warnings recommending the same, for the longest time now. But, as with most everything cyber, context is critical. Changing a password to prevent an attack, as in the advice to switch to a more secure technology such as passkeys, makes sense. Not using weak or previously compromised passwords, ditto. But this advice is different; it addresses the specific methodology employed by the Scattered Spider group in attacks.<\/p>\n The July 29 update to the FBI and CISA cybersecurity advisory, alert code AA23-320A<\/a>, warns that Scattered Spider has \u201cposed as employees to convince IT and\/or helpdesk staff to provide sensitive information, reset the employee\u2019s password, and transfer the employee\u2019s MFA to a device they control on separate devices.\u201d<\/p>\n Scattered Spider is using \u201clayered social engineering techniques,\u201d the FBI warned, often comprising multiple calls and contacts. These are made to ascertain the steps required to conduct password reset requests from support staff. \u201cOnce that information is identified,\u201d the FBI said, \u201cthe threat actors continue to conduct phone calls to employees and help desks to gather password reset-specific information of a targeted employee.\u201d This all culminates in a highly-targeted spearphishing call to the help desk in question to convince staff to \u201creset passwords and\/or transfer MFA tokens.\u201d<\/p>\n The FBI recommended that organizations use phishing-resistant multifactor authentication for all services and accounts that access critical systems. \u201cOrganizations should continue to perform diligent employee training against vishing and spearphishing,\u201d the alert said, and advised that updated mitigation recommendations<\/a> from the U.K. National Cyber Security Centre be followed, including to \u201creview helpdesk password reset processes, including how the helpdesk authenticates staff members credentials before resetting passwords, especially those with escalated privileges.\u201d<\/p>\n ForbesGoogle Issues 3 Gmail Security Warnings \u2014 Fast Action NeededBy Davey Winder<\/a><\/p>\n Following The FBI Warning, Doubts Cast On Scattered Spider Involvement In Recent Ransomware Attacks<\/p>\n The shockwave, and that\u2019s the correct term I think, of ransomware attacks this year attributed to the Scattered Spider group specifically, and more broadly a criminal collective, consisting mainly of teenagers, called The Com, might have been carried out by a different threat actor entirely. That group is known as ShinyHunters, an extortion gang that is also thought to be behind the recently confirmed data breach at insurance company Allianz Life. The confusion is unsurprising, not least as ShinyHunters appear to use the same tactical playbook as Scattered Spider. A number of security specialists have now pointed the finger at ShinyHunters for attacks involving Quantas, LVMH and Adidas, to name but a few.<\/p>\n \u201cThis new update will mitigate any confusion that has been circulating over the last few months around which attacks can be attributed to Scattered Spider,\u201d Juliette Hudson, chief technical officer at CybaVerse, said. There has also been plenty of speculation that both the Scattered Spider and ShinyHunters criminal groups share members, which is more commonplace in such ransomware circles than you might imagine, especially when taking associates into account. The latest intelligence suggests, Hudson said, adds further weight to the theory and \u201chighlights how threat actors collaborate, work together and share tactics, techniques and procedures to support each other.\u201d<\/p>\n This only goes to support the FBI warning and mitigation advice, though, bringing “vishing,” more formally known as voice-based phishing, into the picture front and center.<\/p>\n \u201cConsidering these calls then direct victims to a spoofed domain to enter their login details,\u201d Hudson concluded, \u201cthis will undoubtedly trick a large volume of people. It\u2019s likely the spoofed domain will have been created using AI, so it will be highly realistic.\u201d So, please do not ignore the FBI warning, apply the mitigations it has suggested, and protect yourself from threats posed by Scattered Spider, ShinyHunters or any of the other myriad cybercriminal groups out there.<\/p>\n ForbesHackers Threaten To Publish 3.5 TB Of Stolen Data TodayBy Davey Winder<\/a> Critical FBI cybersecurity warnings are starting to be a little like London buses: you wait a while, and then a whole bunch turn up at once. Just days after the FBI issued the Scattered Spider cybersecurity alert update, the Bureau has now published alert number I-073125-PSA<\/a> warning the public of a new twist to an old threat: the brushing scam.<\/p>\n Brushing scams involve vendors fraudulently increasing their product ratings online by sending unsolicited items to unsuspecting recipients and using their information to post positive reviews. This latest scam, the FBI has warned, operates along a similar theme but is now using QR codes on such packages as a means to facilitate financial fraud.<\/p>\n The packages contain a QR code that \u201cprompts the recipient to provide personal and financial information or unwittingly download malicious software that steals data from their phone,\u201d the FBI said. Such parcels are often sent without any information as to their origin as a means to encourage recipients to scan the malicious code.<\/p>\n If you receive an unexpected package from an unknown sender, the FBI advises that you should not scan any QR codes contained within it or on the packaging itself. The FBI requests that the public report these fraudulent or suspicious activities to the FBI IC3 at www.ic3.gov.<\/p>\n
\nDo Not Scan These Codes \u2014 The FBI Has Warned<\/p>\n