Sekoia.io analysts published an overview detailing the activities of Scattered Spider, a lucrative intrusion set engaged in social engineering, ransomware, extortion campaigns, and other advanced techniques. In this report, we provide our analysis of the progressive evolution of the intrusion set's modus operandi, motivations, victimology, and Tactics, Techniques, and Procedures (TTPs). Over the past years, Scattered Spider's operational strategy shifted significantly from targeted phishing to the deployment of BlackCat ransomware, resulting in an expansion of their arsenal and adjustments of their targeting. We actively tracked the dedicated phishing infrastructure, enabling us to monitor the recent campaigns and changes in their targeting. Related resources: * [FLINT 2024-005 - Scattered Spider laying new eggs](https://app.sekoia.io/intelligence/objects/report--27a504ef-b2ae-40d4-b7ec-d46ac651fdb0) * [Scattered Spider intrusion set page](https://app.sekoia.io/intelligence/objects/intrusion-set--8c8168bf-91f7-424a-9236-f5b13df439bb)