Fraudulent email scams continue to serve as primary gateway for cyber intrusions
Headline: Major Ransomware Groups Leverage Social Engineering Tactics in 2023
In the ever-evolving landscape of cyber threats, social engineering has emerged as a favoured tactic for notorious ransomware groups like Scattered Spider, DragonForce, and Muddled Libra. According to the ReliaQuest Annual Cyber-Threat Report, these groups exploit human vulnerabilities to gain initial access to compromised environments.
Scattered Spider: A Master of Social Engineering
Scattered Spider, a group known for its expertise in social engineering, stood out in 2023. The group targeted help desks and call centers, manipulating staff into resetting credentials or bypassing security measures. Notable attacks include the one on Riot Games, where they stole game source code using social engineering. In September, Scattered Spider used cloud administrative commands to modify configurations in the Microsoft Azure platform, gaining initial access to a compromised environment.
DragonForce: A Ransomware Cartel
DragonForce, another notable group, is recognised for its targeted attacks involving social engineering. High-profile incidents include the Ohio Lottery hack and a 2025 UK retail ransomware incident. While specific social engineering tactics are less detailed publicly than Scattered Spider’s, DragonForce operates as a ransomware cartel, leveraging social engineering and other tactics to infiltrate organisations.
Muddled Libra: Exploiting Outsourced Support Operations
Muddled Libra is recognised for its sophisticated social engineering tactics, particularly smishing (SMS phishing) and vishing (voice phishing). The group often targets call centers and third-party service providers to exploit weak points in outsourced support operations.
The Rise of Social Engineering as an Initial Access Vector
The heavy use of social engineering as an initial access vector makes early detection challenging. These tactics exploit human psychology rather than technical vulnerabilities. Phishing is a classic method used by threat actors to gain initial access, accounting for 70% of all initial access related incidents in 2023, according to ReliaQuest.
Combating Social Engineering Attacks
The ReliaQuest Annual Cyber-Threat Report encourages organisations to focus on authentication techniques, including biometrics and reducing session token lifetimes, to combat phishing and other social engineering attacks.
[1] Source: [Link to source 1] [2] Source: [Link to source 2] [3] Source: [Link to source 3] [4] Source: [Link to source 4]
- In 2023, Scattered Spider, renowned for its social engineering tactics, used cloud administrative commands to gain initial access through a compromised Microsoft Azure environment.
- DragonForce, a ransomware group known for targeted attacks, operates as a cartel, leveraging social engineering and other tactics to infiltrate organizations, as seen in the Ohio Lottery hack and the 2025 UK retail ransomware incident.
- Muddled Libra, a sophisticated group, exploits weak points in outsourced support operations, using smishing (SMS phishing) and vishing (voice phishing) tactics, such as targeting call centers and third-party service providers.
[1] Source: [Link to source 1] (for Scattered Spider's attack on Riot Games)[2] Source: [Link to source 2] (for DragonForce's targeted attacks)[3] Source: [Link to source 3] (for Muddled Libra's social engineering tactics)[4] Source: [Link to source 4] (for the statistics on phishing as an initial access vector)
