“One of the most dangerous financial criminal groups” — and growing in sophistication. That is Microsoft’s assessment of the 0ktapus cyberattack collective, which was most recently in the news for carrying out the strikingly disruptive MGM and Caesars Entertainment ransomware hits.

The English-speaking group (aka Scatter Swine, UNC3944 or, as Microsoft calls it, “Octo Tempest”) typically engages in adversary-in-the-middle (AitM) techniques, social engineering involving calling up targets directly, and SIM swapping. It’s been known to carry out cryptocurrency theft, data-leak extortion, and ransomware attacks (it became a BlackCat/ALPHV affiliate in mid-2023). Aside from the casino/hospitality wins in September, it previously made a name for itself by specializing in successfully compromising Okta credentials in a spate of attacks, including the widespread Twilio leak last August.