
It is the Supply Chain That is Being Attacked

I can’t say this enough. Supply chains are the weak spot and hackers know it and abuse it.

Scattered Spider, the group responsible for attacks on US insurance firms Aflac, Philadelphia and Erie and on British retailers like Marks & Spencer and others, uses supply chain attacks as its favorite method.

After using social engineering against the target’s supply chain (usually the outsourced help desk), they are now going after the target’s data storage tools.

Snowflake is another member of many companies’ supply chains; it is used for large file transfers between the company and yet more members of its supply chain.

In many incidents, Scattered Spider has been looking for the victim’s Snowflake credentials.

While the FBI has been warning about these attacks since 2023, it is investigating attacks as recent as June 2025.

Google’s Mandiant says the hackers are hibernating right now after the arrest of some of their members in the UK last month. That is unlikely to last.

The interesting thing about these attacks is that they are very low tech (social engineering and phishing, mostly against helpdesks) and they work reliably. So, why try to figure out complex high-tech attacks when you can just try turning the doorknob?

If you are not testing your internal or external helpdesk security, you could be their next victim. Contact us.

Credit: The Record
