Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
The financially motivated threat actor UNC3944 is shifting its focus to ransomware deployment as part of an expansion to its monetization strategies, according to Mandiant. UNC3944, also known as 0ktapus, Scatter Swine, and Scattered Spider, has been active since early 2022 and initially targeted telecom and business process outsourcing companies. The group has since expanded its targeting to include hospitality, retail, media and entertainment, and financial services. UNC3944 uses phone-based social engineering and SMS-based phishing to obtain employees' valid credentials and infiltrate victim organizations. The group has recently emerged as an affiliate for the BlackCat (aka ALPHV or Noberus) ransomware crew, using its new status to breach MGM Resorts and distribute the file-encrypting malware. Malware: RECORDSTEALER, Atomic, UltraKnot, EightBait, VIDAR [View Article](https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html)