Scattered Spider (UNC3944) is a loosely affiliated but highly skilled cybercrime group first observed around May 2022. Known for their adaptability, they operate under multiple aliases including Octo Tempest, Muddled Libra, and 0ktapus. At first, they specialized in SIM swapping and credential theft.

A compromise of Salesloft’s GitHub kicked off a supply‑chain campaign that used stolen OAuth tokens from Drift to export data at scale from Salesforce.

A Security Operations Center (SOC) analyst uses a variety of tools to monitor, detect, analyze, and respond to cybersecurity threats.