Scattered Spider is making the news again, and the Augur Preemptive Cybersecurity Platform has you covered.
Once again, Augur preemptively protected users against a rapidly emerging and evolving threat. This time, Augur identified 4 IPs (part of 3 separate CIDRs) associated with Scattered Spider months in advance of the latest round of attacks, protecting one of our large telecom customers against 49 separate attempted attacks.
Who Are Scattered Spider and Why Do They Matter?
Scattered Spider, a group of young, English-speaking cybercriminals with ties to the “Com” ecosystem, has surged back to prominence in recent months. According to a recent piece in Wired Magazine, Scattered Spider is one of the most serious online threats to retailers and airlines.
Using highly refined social engineering tactics, they impersonate employees (often via Help Desk calls or phishing sites spoofing legitimate services, such as Okta or VPN portals), bypass multi-factor authentication, infiltrate company networks, and deploy ransomware or data-exfiltration extortion campaigns.
After a quiet period in 2024 due to law-enforcement pressure, they re-emerged in Q2 2025 with coordinated strikes across UK retailers, North American insurers, and, most recently, airlines. The FBI and other agencies are sounding the alarm about vulnerabilities in help-desk processes and identity verification. You can read more about Scattered Spider on Wired.com.
Here is What We Knew and When.
The IPs below, which Augur identified in advance, have all been confirmed as malicious and associated with Scattered Spider by third-party threat research.
162[.]19[.]135[.]215
45[.]32[.]221[.]250
45[.]63[.]39[.]151
45[.]63[.]39[.]116
As always, if you aren’t already blocking these IP addresses, we highly recommend that you do so.
Just Because an IP is Quiet Doesn’t Mean it’s Clean.
Cybercriminals often use older infrastructure and even recycle it, reusing IPs that were once active and could strike again at any time. In this case, some of the IPs identified were several years old.
Backed by over a decade of infrastructure tracking and millions of IOCs, Augur’s knowledge base is like a global directory of bad actor IPs, past and present. In a world of fast-moving, AI-powered threats, this deep memory is a key component of what makes Augur an essential part of any modern security stack.
Sound Too Good to Be True? Don’t Take Our Word For It!
Experience firsthand the benefits of preemptive cyber defense with a quick proof of value (POV).
We'll integrate Augur into your SIEM for 30 days. At the end, you'll receive a clear report detailing the threats Augur identified and how much earlier you would have been protected. We'll also provide data-driven estimates on alert reduction and the resulting impact on your SOC's time and efficiency.
Ready to see the difference? Just drop us an email, and we’ll set up a free, no-obligation assessment.