Is Scattered Spider really redefining cyber risk – or are we just waking up to reality?
From the passing Telegraph and Guardian coverage to orchestrated BBC and NCSC collaboration, the British media is repeatedly spotlighting Scattered Spider as 2025’s stimulant to jolt organisations into action. While this coverage has dislodged two blatant misconceptions, it has propagated several more subtle ones.
There are at least two narratives that have been immediately shattered by Scattered Spider’s recent spate of attacks. One is that the term ‘sophisticated attack’ absolves an organisation as an unfortunate and helpless victim. The second is that an unconfirmed attacker can be conveniently assumed to be Russian (or North Korean or Iranian) in the absence of evidence. In future, a vague post-attack PR statement that a ‘sophisticated British teenager’ has upended a multi-million-pound business won’t muster the same air of plausible regret.
But as these sacred cows are questioned, several new misconceptions have been invented or invigorated by the Scattered Spider saga:
- The ‘human element’ is the weakest. If we solve that, we solve ransomware.
  Social engineering is certainly part of the playbook, but overly focusing on human fallibility misses the underlying gaps in identity and access controls that enable lateral movement and persistence.
- ‘Vishing’ should now be the primary focus as social engineering’s leading technique.
  Attackers’ tactics extend far beyond voice-based attacks: SIM swapping, MFA fatigue attacks, and legacy authentication protocol abuse are all part of the same identity-centric threat model. That’s without mentioning the threat posed by AI-augmented phishing techniques that will increasingly bring non-native English attackers up to par with Scattered Spider’s reported USP.
- Scattered Spider’s window of opportunity was a single successful fraudulent phone call.
  But how did the individuals associated with Scattered Spider manage to create a realistic pretext for their vishing scenario? It is easier to blame the psychology of deception than to acknowledge the vast footprint of exposed data, open-source intelligence (OSINT), and weak verification processes that may have made the social engineering possible in the first place. From LinkedIn roles and contact details to leaked helpdesk scripts or leaked internal process documents, attackers’ reconnaissance opportunities can and should be reverse engineered and simulated.
- Attackers target certain industries and countries for sustained periods before moving on.
  Reports claiming that Scattered Spider have “moved on” from UK retail to US insurance or aviation paint a misleading picture of groups exclusively targeting a specific industry, as opposed to the more commonly seen opportunistic targeting across multiple sectors simultaneously. This should not create a false sense of security for those industries that are reportedly ‘in the clear’.
Let’s explore the first and arguably the most interesting point here – what constitutes a truly ‘sophisticated’ social engineering or ‘vishing’ campaign now and in the coming years?
Basic phishing enhancements
Those in the ransomware business, like their non-criminal counterparts, are already using AI to complement existing techniques and increase profitability.
The extensive time and effort required to gather contextual information and convincingly mimic employees in a specific company or industry has been irreversibly minimised.
Most obviously, generative AI is allowing attackers to craft flawless, context-aware emails and chat messages at scale, eliminating the grammatical or cultural cues that traditionally betrayed non-native attackers. There has been a clear rise in AI-augmented spear-phishing, where attackers feed AI with OSINT data scraped from LinkedIn, leaked CVs, or corporate press releases to generate targeted and natural-sounding pretexts.
But where’s the sophistication?
Some initial access brokers (IABs) are experimenting with AI voice cloning to impersonate senior officials and other trusted figures via phone and voicemail (as the FBI recently warned) or deepfake technology (e.g. the recent $25 million Arup attack), and one would expect wider adoption as tools mature. Public audio from online interviews, speeches, or social media clips is enough to build a convincing clone of someone’s image, voice, tone and intonation.
Moreover, voice cloning and chatbots can be combined to conduct interactive social engineering. Attackers can now simulate live phone conversations with cloned voices while AI-driven scripts respond dynamically to questions or hesitation (with varying degrees of realism), creating an illusion of spontaneity and authenticity. As attackers experiment with deepfake video and real-time facial morphing, ‘visual confirmation’ checks can be bypassed, effectively undermining the traditional ‘video call fallback’ for validating identity.
This level of realism is transforming vishing from an art of persuasion into an automated, scalable service.
How close to human is GenAI social engineering?
Arguably the most comprehensive research study on GenAI believability in a cyber-attack context comes from security researchers affiliated with the Universidade de Lisboa, who developed a fully open-source, technically accessible framework named ViKing (Voice Impersonation Kingpin).
Using widely available tools such as ChatGPT, ElevenLabs, and Whisper, the researchers determined how realistically and persuasively an AI-driven caller could impersonate a human in a phishing context, simulating targeted voice phishing scenarios using AI-generated voices across three scenarios:
- Generic phishing script using a cloned voice
- Context-specific script with human voice delivery
- Fully AI-generated voice with tailored context and real-time adaptability
The results were striking. In the most advanced scenario where generative AI was used to tailor the pretext using OSINT and deliver it through a cloned voice, 68% of participants believed they were speaking to a real human. Notably, 47% of those participants said they would have complied with a moderate-impact request (such as resetting a password or verifying MFA) without escalation.
On the ‘uncanny valley’ graph below, current AI-augmented phishing/vishing may still be somewhere between a ‘bunraku puppet’ and a ‘healthy person’, but it is fast approaching human likeness.
The rapid progress of generative AI means we are likely only a handful of development cycles away from routine use of AI avatars that can pass casual human scrutiny.
The evolution of vishing
The continued evolution of vishing could be placed on a spectrum ranging from crude, low-context phone scams to AI-assisted, context-rich, senior personnel impersonations capable of bypassing traditional human verification.
Level 1: Low-context, generic human voice call
- Generic scripts with little to no research (e.g., “Hi, this is IT, can you reset your password?”).
- Typically flagged quickly due to lack of insider knowledge and unconvincing delivery.
Level 2: Low- to mid-context, AI-generated voice call
- AI voice cloning for tone and delivery but with minimal or generic pretext work.
- Convincing voice quality but ineffective if context doesn’t align with expectations.
Level 3: High context, well-researched human voice call
- A skilled social engineer gathers significant OSINT and delivers a believable, confident call.
- Relies on charisma, improvisation, and knowledge of internal processes.
Level 4: High-context, quality AI-generated voice impersonating a specific employee or executive
- Combines extensive OSINT with advanced voice cloning, potentially real-time AI interaction.
- The biggest ‘growth area’ in vishing sophistication today, capable of mimicking an actual voice, equipped with internal knowledge, with minimal barriers to entry (i.e. language or tech investment).
- Just how close we are to this level of believability is subjective, but it is either here or fast approaching.
The final tier collapses traditional safeguards, like language fluency, familiarity with organisational structure, or voice recognition. What’s concerning is that while organisations scramble to demonstrate they’re not vulnerable to a “Scattered Spider-style” breach, they may not recognise that said techniques are soon to be surpassed.
Assumed breach is the logical next step
It is tempting to treat Scattered Spider’s success as proof that social engineering is the main failure vector.
But even if an organisation perfectly trains staff against every imaginable vishing tactic, it remains vulnerable if its identity and access controls are poorly segmented or rely on outdated protocols. Once an attacker gains a foothold, whether through a phishing email, a compromised supplier account or a fraudulent phone call – human or AI-generated – the real damage comes from the attacker’s ability to move laterally, escalate privileges, and ultimately achieve their aims undetected.
The notion that “it all started with a single call” dangerously oversimplifies the layered reality of attacks like those attributed to Scattered Spider. Their operations are rarely a one-and-done success. Rather, they blend OSINT-driven pretexting with identity-centric techniques such as SIM swapping, MFA fatigue attacks, and exploitation of legacy authentication protocols. These are designed to systematically bypass security barriers once an initial interaction has succeeded.
A modern defence strategy must accept compromise as a starting assumption and build layers of resilience around it. This means not only reverse-engineering the reconnaissance process by simulating how attackers gather context and pretext, but also hardening identity systems and detecting anomalous behaviour post-access. Organisations that focus solely on prevention risk being blindsided by attackers who only need one lapse, while a defence-in-depth posture treats every access request as untrusted until verified through strong, multi-layered controls.
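To make the "detect anomalous behaviour post-access" point concrete, here is an added example (not from the article, and not any vendor's product logic) of two identity-centric detections a defender would run over identity-provider logs: an MFA fatigue pattern (a burst of rejected or ignored push prompts followed by an approval) and a helpdesk-assisted password reset followed by MFA re-enrolment from an address never seen in that user's prior successful logins. The event schema, field names and the sample events are all constructed for illustration; real identity-provider logs will differ.

```python
"""Identity-centric post-access anomaly detection over constructed sample logs.

Added example: the event schema (ts, user, event, result, ip) and the sample
events below are assumptions for illustration, not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data). Times are ISO 8601, naive UTC.
SAMPLE_EVENTS = [
    # alice: four rejected/ignored push prompts in ~2 minutes, then an approval.
    {"ts": "2025-06-01T09:00:05", "user": "alice", "event": "mfa_push", "result": "denied",   "ip": "198.51.100.7"},
    {"ts": "2025-06-01T09:00:40", "user": "alice", "event": "mfa_push", "result": "timeout",  "ip": "198.51.100.7"},
    {"ts": "2025-06-01T09:01:10", "user": "alice", "event": "mfa_push", "result": "denied",   "ip": "198.51.100.7"},
    {"ts": "2025-06-01T09:01:55", "user": "alice", "event": "mfa_push", "result": "denied",   "ip": "198.51.100.7"},
    {"ts": "2025-06-01T09:02:30", "user": "alice", "event": "mfa_push", "result": "approved", "ip": "198.51.100.7"},
    # bob: a history of logins from one address, then a helpdesk reset and an
    # MFA enrolment minutes later from an address never seen for this user.
    {"ts": "2025-05-20T08:30:00", "user": "bob", "event": "login",          "result": "success", "ip": "203.0.113.5"},
    {"ts": "2025-05-28T08:31:00", "user": "bob", "event": "login",          "result": "success", "ip": "203.0.113.5"},
    {"ts": "2025-06-01T10:15:00", "user": "bob", "event": "helpdesk_reset", "result": "success", "ip": "203.0.113.5"},
    {"ts": "2025-06-01T10:22:00", "user": "bob", "event": "mfa_enroll",     "result": "success", "ip": "192.0.2.44"},
    # carol: one mis-tapped prompt then an approval; should not be flagged.
    {"ts": "2025-06-01T11:00:00", "user": "carol", "event": "mfa_push", "result": "denied",   "ip": "203.0.113.9"},
    {"ts": "2025-06-01T11:00:30", "user": "carol", "event": "mfa_push", "result": "approved", "ip": "203.0.113.9"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def detect_mfa_fatigue(events, threshold=3, window=timedelta(minutes=10)):
    """Flag an approval preceded by >= threshold rejected/ignored pushes within window."""
    pushes_by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            pushes_by_user[e["user"]].append(e)
    alerts = []
    for user, pushes in pushes_by_user.items():
        pushes.sort(key=lambda e: parse_ts(e["ts"]))
        rejected = deque()  # timestamps of denied/timed-out prompts inside the window
        for e in pushes:
            t = parse_ts(e["ts"])
            while rejected and t - rejected[0] > window:
                rejected.popleft()  # drop prompts that fell out of the window
            if e["result"] in ("denied", "timeout"):
                rejected.append(t)
            elif e["result"] == "approved" and len(rejected) >= threshold:
                alerts.append({"rule": "mfa_fatigue", "user": user,
                               "rejected_prompts": len(rejected), "approved_at": e["ts"]})
                rejected.clear()
    return alerts


def detect_reset_then_new_device_enroll(events, max_gap=timedelta(hours=24)):
    """Flag MFA enrolment from an unseen IP within max_gap of a helpdesk-assisted reset."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        known_ips = set()   # baseline: addresses seen on earlier successful logins
        last_reset = None
        for e in evs:
            t = parse_ts(e["ts"])
            if e["event"] == "login" and e["result"] == "success":
                known_ips.add(e["ip"])
            elif e["event"] == "helpdesk_reset":
                last_reset = t
            elif (e["event"] == "mfa_enroll" and last_reset is not None
                  and t - last_reset <= max_gap and e["ip"] not in known_ips):
                alerts.append({"rule": "reset_then_new_device_enroll", "user": user,
                               "reset_at": last_reset.isoformat(), "enroll_at": e["ts"],
                               "enroll_ip": e["ip"]})
    return alerts


def run_detections(events):
    """Run both rules and return the combined alert list."""
    return detect_mfa_fatigue(events) + detect_reset_then_new_device_enroll(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Both rules are deliberately stateful per user rather than per event: the fatigue rule keeps a sliding window of rejected prompts so a single mis-tap (carol) is ignored, and the reset rule compares the enrolment address against the user's own login baseline rather than a global allow-list, which is what makes a helpdesk-driven account takeover stand out even when the reset itself looked legitimate.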
Sean Moran
Sean is a security writer with a focus on ransomware extortion and its impact on the wider cyber security industry.
