A cybercriminal group previously linked to attacks on U.K. and U.S. retailers is now targeting the insurance industry. Google researchers say the group, believed to be part of Scattered Spider, is behind several recent cybersecurity intrusions. These incidents have affected multiple insurance companies in the United States.
Pattern of Targeted Intrusions
Scattered Spider, a group known for conducting sector-specific campaigns, was initially linked to attacks on retail organizations beginning in April 2025. Google’s Threat Intelligence Group now reports a new wave of targeting specifically affecting insurance companies.
According to John Hultquist, chief analyst at Google Threat Intelligence Group, the current activity pattern “bears all the hallmarks of Scattered Spider,” reports Cybersecurity Dive. Sophisticated social engineering and other tactics aim to exploit human vulnerabilities in IT support channels. For example, cyber criminals may target help desks and call centers, tricking staff into bypassing cybersecurity protocols like multifactor authentication.
Social Engineering Risks
Hultquist emphasizes that the threat group’s methodology often includes deceptive strategies aimed at gathering user credentials and compromising security infrastructure. He advises heightened vigilance across the insurance sector, particularly for organizations with frontline staff who may be targeted through social manipulation.
In response to this threat, cybersecurity firm Mandiant released a technical guide in May to help cybersecurity teams recognize and defend against the methods commonly associated with Scattered Spider.
Recent Cybersecurity Activity Under Review at Erie Insurance
Separately, Erie Insurance recently reported a cybersecurity incident involving unusual network activity on June 7. The company is working with law enforcement and security experts to investigate and has advised customers to remain cautious about unsolicited communications. No attribution has been made regarding the cause of the incident.
For additional details, read the Cybersecurity Dive article.
Stay informed and ahead of the curve — explore more industry insights and program opportunities at ProgramBusiness.com.