This is a cybersecurity advisory issued by the Utah Statewide Information and Analysis Center (SIAC) regarding a significant and ongoing cyber threat from a financially motivated threat group known as Scattered Spider.
This group is very likely to target—or continue targeting—organizations in Utah, including critical infrastructure and essential service providers. Although there have been no publicly confirmed incidents involving Utah’s water sector, the group has shown the ability to disrupt essential services across the United States. Their tactics include social engineering, credential theft, vendor compromise, and ransomware-related extortion.
Key takeaways from the advisory include:
- Scattered Spider specializes in impersonation and social engineering tactics to trick employees or vendors into providing login credentials or one-time passcodes, allowing attackers to bypass multi-factor authentication.
- The group increasingly targets organizations through third-party vendors, managed service providers, and remote access systems, creating risk for interconnected environments.
- Recent campaigns have focused on data theft, system disruption, and double-extortion, where the group threatens to leak stolen data if ransom demands are not met.
- Successful attacks can result in service outages, exposure of sensitive data, financial loss, and erosion of public trust in essential services.
- Water operators and utilities are encouraged to review the attachment and assess their cybersecurity posture, particularly around:
  - Employee awareness and verification of IT-related requests
  - Vendor and third-party access controls
  - Protection of remote access systems and credentials
  - Incident reporting and response procedures
This information is shared to support awareness and proactive risk reduction. Please distribute it to appropriate personnel within your organization.
If you feel like your system has been compromised, have questions, or would like assistance reviewing recommended cybersecurity practices, please contact the Utah Division of Drinking Water 24-hour emergency response number at 801-560-8456.
If your system has been compromised, please report a breach to the Utah Cyber Center at (801) 538-3011 or cybercenter.utah.gov.
Thank you for your continued commitment to protecting Utah’s critical infrastructure.