Federal authorities are warning of a hacking collective targeting healthcare with artificial intelligence-enabled voice spoofing and voice phishing.
Scattered Spider has been in operation since 2022, deploying social engineering techniques to bypass security checks and infect computer systems with ransomware, according to an Oct. 24 notice from HHS' Office of Information Security and the Health Sector Cybersecurity Coordination Center. The group's tactics overlap with cybercriminals who call hospital IT help desks with "spearphishing" voice methods to divert payments from payer accounts to their own.
Scattered Spider's hackers generally start with text phishing, phone calls to help desks, or SIM swapping, the advisory said. After stealing credentials, the cybercriminals impersonate employees to call IT service desks to try to steal multifactor authentication codes or password resets. The hackers are thought to be between 19 and 22 years old and living in the U.S. and U.K.
"While Scattered Spider is comprised of young individuals, they have successfully executed high-profile breaches largely due to their advanced social engineering capabilities," the analyst note said. "HC3 assesses with moderate confidence that the group will likely continue to target various industries, including healthcare, for financial gain."