Get Started

Cybersecurity Services

Cybersecurity Services
vCISO / Fractional CISO
Offensive Security & Penetration Testing
Incident Response & Digital Forensics
Cybersecurity Awareness
CMMC Compliance

Managed IT Services

Help Desk & End User Support
NOC (Server/Network RMM)
MDR/XDR (AI-Assisted SOC)

Professional Services

Remote Deployment and Operations
Staff Augmentation
AI & Automation Consulting

Solutions

Infrastructure & Security
Cloud & Data Center
Data Protection & Backup/DR
Zero Trust Security
Remote Workforce & Endpoints
Collaboration & Innovation
Virtual Desktops & Apps (VDI)
Unified Communications
Mobility Solutions

Industries

Federal Government
State and Local Government
Healthcare
Education
Critical Infrastructure
All Industries

Partners

Omnissa
Dell EMC
Hitachi
Microsoft
Google
HPE
Nutanix
Commvault
FileCloud
Login VSI
TURBO.NET
Red Hat
All Partners

Insights

Blog
Z7 Cyber Intelligence
Case Studies
Capability Statement

About

Why Z7 Solutions
Contract Vehicles
Careers
Contact Us
  • Home
  • Z7 Cyber intelligence
  • Scattered Spider

Scattered Spider

Z7-TAF THREAT SCORE
0 /10.0

CLASSIFICATION

CRITICAL THREAT

The Kids Who Took Down Vegas and Broke the Cloud

In September 2023, a group of teenagers and young adults, most under 25, paralyzed the Las Vegas Strip. MGM Resorts lost $100 million. Six terabytes of data vanished. And it all started with a 10-minute phone call to the help desk.

Eighteen months later, the same playbook took down Marks & Spencer for 46 days, costing over $400 million. Same attack vector. Same social engineering. Same lessons not learned.

Attacks Dissected in this report

MGM Resorts (Sept 2023)

$100M+ loss, 6TB data stolen, 10-day shutdown - Z7-BAF 8.89

Snowflake Campaign (2024)

165+ orgs breached, billions of records, AT&T/Ticketmaster - Z7-BAF 9.21

Marks & Spencer (April 2025)

$400M+ loss, 46-day outage, 9.4M customers - Z7-BAF 8.64

The uncomfortable truth

Scattered Spider doesn’t need zero-days. They don’t need advanced malware. They call your help desk, sound like a frustrated employee, and ask for a password reset. Your staff, trained to be helpful, complies. Game over.

The Snowflake campaign proved it even worse: they didn’t hack 165 companies. They used credentials stolen by infostealers in 2020 that were never rotated, on accounts that never had MFA enabled. Your ‘credential debt’ is their payday.

What's in the full intelligence report

  • Complete Z7-TAF Analysis: All 7 dimensions scored with detailed rationale
  • 3 Full Z7-BAF Attack Dissections: MGM, Snowflake, M&S with timelines and component scores
  • 3 Full Z7-BAF Attack Dissections: MGM, Snowflake, M&S with timelines and component scores
  • The Social Engineering Playbook: Exact techniques that bypass your security awareness training
  • Arrest Timeline: Who's been caught (UK, US, Spain) and who's still active

ABOUT Z7 CYBER INTELLIGENCE

Z7 Cyber Intelligence delivers threat analysis and breach assessments used by security teams, compliance officers, and executive leadership. Our proprietary Z7-TAF and Z7-BAF frameworks provide quantified, defensible scoring that enables data-driven risk decisions.

Proprietary Methodology

Z7-TAF (Threat Actor Framework) and Z7-BAF (Breach Assessment Framework) are proprietary scoring systems developed by Z7 Solutions. Detailed scoring criteria, dimension weights, and assessment rubrics are proprietary. Complete methodology documentation is available under NDA for clients.

Get your Scattered Spider Intelligence Report NOW!
This page provides an executive-level preview only. Detailed analysis, scoring methodology, and proprietary frameworks are available in the full intelligence report.