Two financially-motivated threat groups, Cordial Spider and Snarky Spider, are targeting U.S. critical infrastructure sectors using voice-phishing and social engineering to steal credentials via fake single sign-on pages. Once inside, they disable MFA, delete alerts, and exfiltrate data for high-value extortion, often leveraging residential proxies to evade detection. The primary attack vector is the compromise of identity platforms to traverse SaaS environments for data theft.
Security Operations , Phishing , Identity , Critical Infrastructure Security , Threat Intelligence 2 threat groups linked to The Com target critical infrastructure with data theft May 1, 2026 Share By SC Staff (Adobe Stock) Two persistent threat groups affiliated with The Com, known as Cordial Spider and Snarky Spider, are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, CyberScoop reports. These financially-motivated attackers, closely aligned with Scattered Spider, use voice-phishing and social engineering to breach victims' identity platforms and traverse SaaS environments, according to a report by CrowdStrike. They primarily target U.S. organizations in academic, aviation, retail, hospitality, automotive, financial services, legal, and technology sectors. The attackers gain initial access by tricking employees into visiting phishing pages that mimic legitimate single sign-on or identity provider pages, capturing credentials, session keys, or tokens. Once inside, they disable multi-factor authentication and delete alerts to cover their tracks. While tactics, techniques, and procedures vary between the subgroups, their objective is data theft for extortion, with demands often in the seven-figure range. Some victims have also faced DDoS attacks or swatting incidents. Both groups utilize residential proxy networks to evade detection, blending in with normal network traffic. Source: CyberScoop SC Staff Related Security Operations State cybersecurity leaders discuss prioritizing security upgrades SC Staff May 1, 2026 During a National Association of State Chief Information Officers conference, officials like Rex Menold, Michigan's chief security officer, shared that agencies, not central IT, often decide on security priorities. Security Operations Hackers accidentally leak database of stolen credit cards due to AI coding error SC Staff May 1, 2026 Hackers utilized an AI-assisted development tool called Cursor to build a statistics dashboard for Jerry's Store. Security Operations OpenAI enhances ChatGPT security with YubiKey partnership SC Staff May 1, 2026 OpenAI's new Advanced Account Security program, available to all ChatGPT users, includes a partnership with Yubico to integrate phishing-resistant security keys. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Business Email Compromise (BEC) Countermeasure DNS Spoofing Darknet Deauthentication Attack Deepfake Discretionary Access Control (DAC) Drive-by Download DumpSec Fault Line Attacks You can skip this ad in 5 seconds