Firefighters prepare for increasing gusts following brief reprieve for LA area
John Ratcliffe, tapped by Trump to lead the CIA, will face questioning in the Senate
What to know about Trump's attorney general pick Pam Bondi as she faces questioning on Capitol Hill
Nippon Steel wants to work with Trump administration on US Steel deal, Mori tells WSJ
After cable damage, Taiwan to step up surveillance of flag of convenience ships
BOJ will raise rates if economy, price conditions continue to improve, Ueda says
Manatees congregate in warm waters near power plants as US winter storms graze Florida
AAPI adults prioritize immigration, but split on mass deportations: AP-NORC/AAPI Data poll
As fires ravage Los Angeles, Tiger Woods isn't sure what will happen with Riviera tournament
Antetokounmpo gets 50th career triple-double as Bucks win 130-115 to end Kings' 7-game win streak
Zheng loses to No 97 Siegemund, Osaka rallies to advance at the Australian Open
By Zeba Siddiqui
SAN FRANCISCO (Reuters) - The FBI warned organizations to guard against the Scattered Spider hacking group, which has breached dozens of American organizations over the past year, stealing their sensitive data for extortion.
The FBI alert follows a Reuters report this week that said the agency had struggled to stop these hackers that are known to be skilled at using fake profiles and impersonations to trick a victim organisation's help desk into giving them access.
They were behind the September hacks into casino companies MGM Resorts International and Caesars Entertainment, but have intruded various organisations from telecom companies to healthcare groups, security researchers say.
The statement, issued jointly with the U.S. Cybersecurity and Infrastructure Security Agency, sheds new light into how these hackers operate.
Even after they've gained access into an organization's systems, the hackers keep checking its internal communication channels such as Slack, Microsoft Teams, and Microsoft Exchange online, for emails or conversations that might show if their breach had been discovered, the statement said.
The criminals "frequently join incident remediation and response calls and teleconferences, likely to identify how security teams are hunting them and proactively develop new avenues of intrusion in response to victim defenses," it added.
The FBI and CISA urged critical infrastructure organisations to implement a series of security measures they recommended and urged victim organisations to share information about the hacks with the agencies.
Everything from a sample ransom note, communications with the hackers, their cryptocurrency wallet information, or samples of malicious files could be useful, they said.
"FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered," they said, adding that ransom payments may embolden the hackers into going after more targets.
(Reporting by Zeba Siddiqui in San Francisco; Editing by Nick Zieminski)
