https://www.theregister.com/2025/06/16/scattered_spider_targets_insurance_firms
Google’s threat intelligence team has issued urgent warnings that the notorious Scattered Spider cybercrime group has pivoted from targeting retail companies to launching sophisticated attacks against US insurance firms. The alert comes as multiple insurance companies have reported significant network outages and security incidents, with some systems remaining down for nearly two weeks following suspected cyberattacks that bear the hallmarks of the group’s signature social engineering tactics.
John Hultquist, chief analyst at Google Threat Intelligence Group, confirmed that researchers have identified multiple intrusions in the US insurance sector that demonstrate all the characteristics of Scattered Spider operations. The group, known for its highly effective fake help-desk calls and social engineering schemes, has historically focused on attacking one industry sector at a time before moving to new targets. Their recent shift from retail to insurance follows a string of successful attacks against major retailers in both the United States and United Kingdom, where they deployed DragonForce ransomware after gaining initial access through deceptive phone calls to company help desks.
The warning coincides with ongoing network disruptions at several major insurance companies, including Erie Insurance and Philadelphia Insurance Companies, both of which have experienced prolonged system outages since early June. Erie Insurance, which claims to be the 12th-largest home and auto insurer in the US, first reported network problems on June 8 and subsequently disclosed to federal regulators that it had detected unusual network activity consistent with a cybersecurity incident. Similarly, Philadelphia Insurance Companies acknowledged unauthorized access to its systems after detecting suspicious network activity on June 9, leading to the proactive disconnection of affected systems.
The insurance industry presents an attractive target for cybercriminals due to the vast amounts of sensitive personal and financial data these companies process, as well as their critical role in the broader financial ecosystem. Google has issued specific hardening recommendations for organizations to defend against Scattered Spider’s tactics, including enhanced help desk training to positively identify callers through video verification or challenge-response questions, and implementation of phishing-resistant multi-factor authentication. The group’s success rate with social engineering attacks has prompted warnings that all insurance companies should be on high alert, particularly regarding attempts to manipulate help desk and call center personnel.