‘0ktapus’ hackers are back and targeting tech and gaming companies, says leaked report • TechCrunch


The hackers who reportedly hit more than 130 organizations last year and stole the credentials of nearly 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch.

The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” In a previous publicly available report, the company said this group is also known as “Roasted 0ktapus” in an apparent reference to the report published by Group-IB, another cybersecurity firm, last year.

Reports like the one obtained by TechCrunch are prepared by threat intelligence companies for their customers, with the idea of alerting them to hackers who are either targeting the customers directly, or other companies in the same sector. In the report, CrowdStrike notes that it has limited visibility into the hacking campaign given that it has no “further forensic artifacts,” referring to data it obtained directly from targeted organizations. That’s why the company admits it has “low confidence” in its assessment that this is activity by Scattered Spider.

Two cybersecurity insiders, who asked to remain anonymous as they were not authorized to speak to the press, said that the understanding within the industry is that Scattered Spider is the same group as 0ktapus.

 

“Scattered Spider continued deploying numerous phishing pages in January 2023. CrowdStrike Intelligence assesses the adversary has probably expanded its target scope to include technology sector companies specializing in gaming or financial software, while maintaining a prior focus on business process outsourcing (BPO) companies and mobile providers,” read the report, which isn’t publicly available.

It’s unclear if this is the same group that hacked Riot Games last month, but in a list of phishing domains included in the CrowdStrike report, there’s one that was clearly made to target the video game giant given that it includes the name of the company in the URL.

Among the phishing domains, there are also others tailored to impersonate video game makers Roblox and Zynga; email marketing and newsletter giant Mailchimp and its parent company Intuit; Salesforce; Comcast; and Grubhub. TaskUs, a contractor that provides customer service for companies, including Mailchimp, Intuit and other tech giants, was also on the list.

In January, Mailchimp disclosed that it had been hacked — the second hack against the company in six months. At the time, Mailchimp said the hackers targeted its employees via phishing. It’s unclear if this incident is tied to the activities of Scattered Spider. Mailchimp didn’t respond to a request for comment.

Riot declined to comment.

Roblox, Zynga, TaskUs, Intuit, Salesforce, Comcast, and Grubhub didn’t immediately respond to a request for comment.

The report said that “the bulk” of the hacking group’s phishing pages were designed to mimic Okta login portals, “while a much smaller number impersonated Microsoft.”

CrowdStrike didn’t respond to a request for comment.
