Posts

, ,

Scattered Spider Attacks Again

Scattered Spider Attacks Again
By Skeeter Wesinger
July 2, 2025

In yet another brazen display of cyber subterfuge, Scattered Spider, the slick, shape-shifting cyber gang with a knack for con artistry, has struck again—this time sinking its fangs into Qantas Airways, compromising data on as many as six million unsuspecting customers. It wasn’t some arcane bit of code that cracked the system. It was human weakness, exploited like a well-worn key.
The breach targeted a third-party customer service platform, proving once again that it’s not always your network that gets hacked—it’s your vendor’s.
A Familiar Pattern, a New Victim
Qantas now joins the growing list of high-profile victims stalked by Scattered Spider, a crew whose previous hits include MGM Resorts, Caesars, Hawaiian Airlines, and WestJet. Their calling card? Social engineering at scale—not brute force, but charm, guile, and just enough personal data to sound like they belong.
They impersonate. They coax. They wear your company’s name like a mask—and by the time IT realizes what’s happened, they’re already inside.
This time, they walked away with customer names, emails, phone numbers, birthdates, and frequent flyer numbers. No passwords or payment data were accessed—Qantas was quick to say—but that’s cold comfort in an age when a birthday and an email address is all that it takes to hijack your digital life.
“Trust, but Verify” is Dead, well, sort of.
As Qantas CEO Vanessa Hudson issued the standard apology—support lines are open, regulators are notified, the sky is still safe. But the real damage isn’t operational. It’s existential. Trust doesn’t come back easy, especially when it’s breached by a whisper, not a weapon.
“We used to worry about firewalls and phishing links,” one insider told me. “Now it’s your own help desk that opens the front door.”
Scattered Spider doesn’t hack computers. They hack people—call center agents, IT support staff, even security teams—using their own policies and training scripts against them. Their English is fluent. Their confidence is absolute. Their patience is weaponized.
The Breach Beneath the Breach
What’s truly alarming isn’t just that Scattered Spider got in. It’s how.
They exploited a third-party vendor, the soft underbelly of every corporate tech stack. While Qantas brags about airline safety and digital transformation, it was a remote call-center platform—likely underpaid, overworked, and under-secured—that cracked first.
We’ve heard this story before. Optus. Medibank. Latitude. The names change. The failures rhyme.
And the hackers? They have evolved.
The Next Call May Already Be Happening
Scattered Spider is a ghost in the wires—a gang of young, highly skilled social engineers, some rumored to be based in the U.S., operating like a twisted start-up. Their tools aren’t viruses—they’re LinkedIn, ZoomInfo, and your own onboarding documents.
What you can do is rethink your threat model. Because the enemy isn’t always a shadowy figure in a hoodie. Sometimes it’s a cheerful voice saying, “Hi, I’m calling from IT—can you verify your employee ID?”
By then, it’s already too late. Need to hire an expert? Call me.

/by
, ,

When Cybersecurity Is an Afterthought

When Cybersecurity Is an Afterthought: The Victoria’s Secret Breach and the Looming Threat to E-Commerce
By Skeeter Wesinger
May 30, 2025

Victoria’s Secret recently experienced a significant cybersecurity incident that led to the temporary shutdown of its U.S. website and the suspension of certain in-store services. The company stated, “We have taken down our website and some in-store services as a precaution,” emphasizing their commitment to restoring operations securely.
While the exact nature of the breach remains undisclosed, the incident aligns with a series of cyberattacks targeting major retailers. Notably, the threat group known as Scattered Spider has been linked to similar attacks on UK retailers, including Marks & Spencer and Harrods. Security experts suggest that the tactics employed in the Victoria’s Secret breach bear a resemblance to those used by this group.
The impact of the breach extended beyond the digital storefront. Reports indicate disruptions to internal operations, including employee email access and distribution center functions. Customers faced challenges in placing orders, redeeming coupons, and accessing customer service.
Financially, the incident had immediate repercussions. Victoria’s Secret’s stock experienced a decline of approximately 7%, reflecting investor concerns over the implications of the breach.
This event highlights a broader issue: the persistent vulnerability of retailers to cyber threats, which is often exacerbated by inadequate adherence to cybersecurity protocols. Despite the increasing frequency of such attacks, many organizations remain underprepared, lacking robust security measures and comprehensive response plans.
Furthermore, the reluctance of some companies to disclose breaches hampers collective efforts to understand and mitigate cyber threats. Transparency is crucial in fostering a collaborative defense against increasingly sophisticated cybercriminals.
In conclusion, the Victoria’s Secret breach serves as a stark reminder of the critical importance of proactive cybersecurity measures. Retailers must prioritize the implementation of comprehensive security protocols, regular system audits, and employee training to safeguard against future incidents. The cost of inaction is not just financial but also erodes consumer trust and brand integrity.

/by
, , ,

In a classic phishing move

In a classic phishing move: spoofing a legit security company like VadeSecure to make the email look trustworthy. Irony at its finest—phishers pretending to be the anti-phishing experts.

Here’s what’s likely going on:

  • vadesecure.com is being spoofed—the return address is faked to show their domain, but the email didn’t actually come from Vade’s servers.

  • Or the phishers are using a lookalike domain (e.g., vadesecure-support.com or vadesecure-mail.com) to trick people not paying close attention.

If you still have the email:

  • You can check the email headers to see the real “from” server (look for Return-Path and Received lines).

  • If the SPF/DKIM/DMARC checks fail in the headers, that’s confirmation it’s spoofed.

  • You can also report it to VadeSecure directly at: abuse@vadesecure.com

By Skeeter Wesinger

March 26, 2025

/by
, , , , ,

DeepSeek’s Mind-Blowing AI Solution Caught in a Cover-Up?

DeepSeek, a rising CCP AI company, was under siege. The company’s official statement, issued in careful, bureaucratic phrasing, spoke of an orchestrated “distributed denial-of-service (DDoS) attack” aimed at crippling its systems. A grave and urgent matter, to be sure. Yet, for those who had followed the firm’s meteoric rise, there was reason for skepticism

DeepSeek had, until this moment, presented itself as a leader in artificial intelligence, one of the few entities capable of standing alongside Western firms in the increasingly cutthroat race for dominance in machine learning. It was a firm backed, either openly or in whispered speculation, by the unseen hand of the Chinese state. The company’s servers, housed in mainland China, were reportedly fueled by NVIDIA H800 GPUs, their interconnections optimized through NVLink and InfiniBand. A formidable setup, at least on paper

But then came the curious measures. Whole swaths of IP addresses, particularly from the United States, were unceremoniously blocked. The platform’s registration doors were slammed shut. And in the vague, elliptical style of official Chinese pronouncements, the public was assured that these were emergency steps to preserve service stability. What the company did not say—what they could not say—was that these actions bore all the hallmarks of a hasty retreat, rather than a tactical defense

For a true DDoS attack—one launched by sophisticated adversaries—there were measures to mitigate it. Content delivery networks. Traffic filtering. Rate-limiting techniques refined over decades by those who had fought in the trenches of cybersecurity. Yet DeepSeek’s response was not one of resilience, but of restriction. They were not filtering the bad actors; they were sealing themselves off from the world

A theory began to take shape among industry watchers. If DeepSeek had overestimated its own technological prowess, if its infrastructure was ill-prepared for rapid growth, the sudden influx of new users might have looked, to their own internal systems, like an attack. And if the company was not merely a commercial enterprise but an entity with deeper ties—perhaps to sectors of the Chinese government—it would not do to admit such failings publicly. To confess that their AI could not scale, that their systems could not bear the weight of global interest, would be an unpardonable humiliation.

The consequences of such a revelation would be severe. The markets had already felt the tremors of cyberattacks; the global economy had bled $1.5 trillion due to disruptions of this nature. If DeepSeek, a firm hailed as the vanguard of China’s AI ambitions, was faltering under its own weight, the financial and political repercussions would extend far beyond the walls of its server farms. The illusion of invulnerability had to be maintained

Thus, the narrative of a “DDoS attack” was not merely convenient—it was necessary. It allowed DeepSeek to take drastic action while obscuring the truth. Blocking foreign IPs? A countermeasure against cyber threats. Suspending new users? A precaution against infiltration. A firm whose technological backbone was more fragile than its reputation suggested had suddenly found an excuse to withdraw from scrutiny under the guise of self-defense

It is in such moments that history leaves its telltale fingerprints. The annals of technological development are filled with entities that stumbled not due to sabotage, but due to their own shortcomings, concealed under layers of propaganda and misdirection. One wonders if, years from now, when the documents are unsealed and the real story emerges, historians will look back at DeepSeek’s so-called DDoS crisis not as an act of foreign aggression—but as a moment of revelation, when the cracks in the edifice became too great to hide

Also, the DeepSeek app has been removed from both Apple’s App Store and Google’s Play Store in Italy. This action occurred after Italy’s data protection authority, known as the Garante, requested information from DeepSeek regarding its handling of personal data. Users attempting to access the app in Italy received messages indicating that it was “currently not available in the country or area you are in” on Apple’s App Store and that the download “was not supported” on Google’s platform. As reported by REUTERS.CO

Regarding Ireland, the Irish Data Protection Commission has also reached out to DeepSeek, seeking details about how it processes data related to Irish users. However, as of now, there is no confirmation that the app has been removed from app stores in Ireland. As reported by THEGUARDIAN.COM

Currently there is no publicly available information indicating that DeepSeek has specifically blocked access from Apple, Google, or individual reporters’ servers. It’s possible that access issues could be related to the broader measures DeepSeek has implemented in response to recent events, but without specific details, it’s difficult to determine the exact cause.

For now, the truth remains elusive, hidden behind digital firewalls and the careful hand of censorship. But as in all such cases, history is patient. It waits for those who will dig deeper, who will look beyond the official statements and ask: Was it an attack? Or was it something else entirely?

Story By Skeeter Wesinger

January 30, 2025

 

/by