Back to advisories

Alleged Scattered Spider hacker extradited to the United States

Scattered Spider member Peter Stokes extradited to U.S. after involvement in at least four major breaches targeting high-profile companies. The group exploits social engineering and MFA bombing to gain initial access and move laterally. Ransomware demands and operational disruption are primary attack outcomes.

HIGHAdvisoryJul 02, 2026
Action required
Audit MFA policies for bypass weaknesses. Implement conditional access rules to block unusual login patterns and MFA bombing attempts. Search logs for social engineering indicators: credential reuse across accounts, unusual after-hours access, and rapid MFA challenges from single sources.