Scattered Spider is a financially motivated cybercriminal collective believed to have emerged in 2022​. Uniquely, this group consists largely of native English-speaking members (reportedly as young as 16) operating mainly from the UK and USA​. Rather than a single hierarchical gang, Scattered Spider is best described as a loose but well-organised network of threat actors who share tactics and often collaborate in real-time via online forums and chat platforms​. The group initially gained notoriety through social engineering attacks – using persuasive deception to obtain credentials – and has since expanded its techniques to include aggressive extortion and ransomware deployment for profit​. 

Scattered Spider is known to affiliate with the ALPHV/BlackCat ransomware operation, acting as an initial access broker or ransomware affiliate for that Russian-speaking gang​. This partnership marked one of the first times English-speaking hackers have directly collaborated with Eastern European ransomware crews​. The group has also been linked with other Ransomware-as-a-Service (RaaS) outfits – recent investigations suggest Scattered Spider actors have worked with or “white-labelled” ransomware from actors such as Ransom.House/Ransom[Hub], Qilin and DragonForce in different campaigns​. Their core motivation is financial gain through extortion, though security researchers note an element of bravado – members often boast about their exploits in criminal forums, seeking notoriety alongside money​. In line with this, Scattered Spider’s high-level behaviour is characterised by advanced, targeted social engineering, theft of data for blackmail, and disruptive attacks on large enterprises to pressure victims into paying ransoms.