
SCARS Institute’s Encyclopedia of Scams™ Published Continuously for 25 Years

The Octo Tempest Cybercrime Gang – A Global Cybercriminal/Hacker Group Attacking The Financial Industry
What is the Octo Tempest Cybercrime Gang
Octo Tempest is a professional organized cybercriminals group that emerged in 2021 and has since become one of the most active and sophisticated threat actors in the global cybersecurity landscape. The group is known for its highly targeted attacks on large corporations and financial institutions, often stealing millions of dollars in the process.
Octo Tempest is a highly skilled group that utilizes a wide range of attack techniques, including:
- Social engineering: Tricking victims into revealing sensitive information or clicking on malicious links.
- Spear-phishing: Sending targeted emails that appear to be from legitimate sources, such as banks or government agencies.
- Malware: Using malicious software to gain access to victims’ computers and networks.
- Zero-day exploits: Taking advantage of vulnerabilities in software that the developers are not aware of.
Octo Tempest is also known for its ability to adapt its tactics, techniques, and procedures (TTPs) to evade detection and stay ahead of security defenses. The group has a sophisticated infrastructure that includes multiple layers of encryption and anonymization, making it difficult to track its activities.
As of today, Octo Tempest remains active and continues to pose a significant threat to organizations worldwide. It is important for businesses and individuals to be aware of the group’s capabilities and take steps to protect themselves from its attacks.
Octo Tempest Cybercrime Examples
some examples of specific Octo Tempest attacks or cybercrime:
-
SIM-swapping attacks: Octo Tempest has been known to use SIM-swapping attacks, which involve tricking mobile phone carriers into transferring a victim’s phone number to a SIM card controlled by the attackers. This allows the attackers to intercept the victim’s text messages and phone calls, including two-factor authentication codes. Octo Tempest has used SIM-swapping attacks to steal millions of dollars from cryptocurrency exchanges.
-
Data breaches: Octo Tempest has also been involved in a number of high-profile data breaches, including the breaches of MGM Resorts and Caesars Entertainment in September 2023. In these attacks, the attackers stole the personal information of millions of customers, including names, addresses, and credit card numbers.
-
Ransomware attacks: In addition to data breaches, Octo Tempest has also been linked to ransomware attacks. In these attacks, the attackers encrypt a victim’s computer files and demand a ransom payment in exchange for the decryption key. Octo Tempest has been known to target large corporations with ransomware attacks, demanding millions of dollars in ransom payments.
These are just a few examples of the many attacks that Octo Tempest has been involved in. The group is a constant threat to businesses and individuals alike, and it is important to be aware of its capabilities and take steps to protect yourself.
According to Microsoft:
Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency.
According to Malwarebytes:
Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world.
Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim’s carrier.
Since then the group has expanded its range of activities to include targeting organizations providing cable telecommunications, email, and tech services, and partnering with the ALPHV/BlackCat ransomware group.
According to DarkReading:
The financially motivated hacking group Octo Tempest, responsible for attacking MGM Resorts International and Caesars Entertainment in September, has been branded “one of the most dangerous financial criminal groups” by Microsoft’s Incident Response and Threat Intelligence team.
The group, also known as 0ktapus, Scattered Spider, and UNC3944, has been active since early 2022, initially targeting telecom and outsourcing companies with SIM swap attacks.
It later shifted to extortion using stolen data, and by mid-2023 the group had partnered with ALPHV/BlackCat ransomware, initially leveraging the ALPHV Collections leak site and later deploying the ransomware, focusing on VMWare ESXi servers.
How Octo Tempest Works
Octo Tempest’s recent attacks targeted organizations across a variety of industries, including gaming, natural resources, hospitality, consumer goods, retail, managed service providers, manufacturing, legal, technology, and financial services.
Octo Tempest typically gains initial access through advanced social engineering, which targets the accounts of technical administrators with sufficient privileges, such as support and help desk personnel, for further attacks.
- Octo Tempest also conducts voice phishing, which tricks technical administrators into performing a password reset and resetting multi-factor authentication (MFA) settings by mimicking voice. Other methods of initial access include:
- Trick the target into installing remote monitoring and management software
- Login information is stolen through phishing websites
- Buy credentials or conversation scepters from other cybercriminals
- Newsletter: Phishing employees with fake login pages with captureable credentials
- SIM swap or call forwarding
- Direct threats of violence
Once sufficient access is obtained, the Octo Tempest hacker initiates the reconnaissance phase of the attack by enumerating local machines and services and abusing legitimate channels for incursions. Scouts include cross-cloud environments, code repositories, servers, and backup management systems.
To hide the trail of the attack, Octo Tempest also targets the accounts of security personnel, which enables them to disable security products and features. Microsoft says Octo Tempest leverages EDR and device management technologies to allow malicious tools, deploy RMM software, remove or compromise security products, steal sensitive data files, including credential files, signal databases, and deploy malicious payloads.
Octo Tempest Cybercrime History
here is a summary of the Octo Tempest cybercrime history:
2021
- Emergence of Octo Tempest: Octo Tempest first appeared in 2021, quickly gaining notoriety for its sophisticated attacks and ability to evade detection.
2022
- Target High-Profile Entities: Octo Tempest began targeting high-profile entities, including large corporations, financial institutions, and government agencies.
- Data Breaches and Ransomware Attacks: The group was involved in several data breaches and ransomware attacks, stealing sensitive information and demanding substantial ransom payments.
- Evolving Techniques: Octo Tempest continuously evolved its techniques, adapting to cybersecurity measures and employing zero-day exploits to gain unauthorized access.
2023
- Continued Activity: Octo Tempest remained active throughout 2023, demonstrating its persistence and adaptability.
- SIM Swapping Attacks: The group employed SIM swapping attacks to steal millions of dollars from cryptocurrency exchanges, highlighting their ability to compromise even secure systems.
- Evasion and Anonymity: Octo Tempest maintained its elusiveness by utilizing multiple layers of encryption and anonymization, making it difficult for law enforcement agencies to track them down.
Current Status
- Active Threat: Octo Tempest remains an active and significant threat to organizations worldwide, posing a constant challenge for cybersecurity professionals.
- Global Impact: The group’s attacks have had a global impact, affecting businesses and individuals across various industries and regions.
Law Enforcement Actions Targeting Octo Tempest
Octo Tempest is an elusive and well-resourced threat group, making it difficult for law enforcement to gather sufficient evidence and bring charges against its members. However, law enforcement agencies are actively investigating the group’s activities and collaborating with cybersecurity organizations to share intelligence and disrupt their operations.
Here are some notable law enforcement actions targeting Octo Tempest:
- FBI Investigation: The FBI is investigating Octo Tempest and has issued alerts warning businesses and individuals about the group’s attacks.
- International Cooperation: Law enforcement agencies from around the world are collaborating to share information and track Octo Tempest’s activities.
- Cybersecurity Partnerships: Law enforcement agencies are partnering with cybersecurity organizations to develop and deploy tools and techniques to detect and disrupt Octo Tempest’s attacks.
While it is challenging to bring Octo Tempest to justice due to its sophisticated tactics and global operations, law enforcement agencies are committed to pursuing the group and protecting the public from its cybercrime.
Here are some specific examples of law enforcement actions targeting Octo Tempest:
- In 2022, the FBI issued an alert warning business about Octo Tempest’s SIM-swapping attacks.
- In 2023, the FBI partnered with cybersecurity firm Mandiant to disrupt Octo Tempest’s infrastructure and prevent further attacks.
- Law enforcement agencies in the United States, Europe, and Asia have shared information about Octo Tempest’s activities and are working together to track the group’s members.
While these actions have not yet resulted in charges against Octo Tempest’s members, they have demonstrated the commitment of law enforcement agencies to pursuing the group and disrupting its operations.
In addition to law enforcement actions, cybersecurity organizations are also playing a crucial role in combating Octo Tempest. These organizations are developing tools and techniques to detect and disrupt the group’s attacks and are providing training and resources to businesses and individuals to help them protect themselves from cybercrime.

More:
- Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog
- Octo Tempest cybercriminal group is “a growing concern”—Microsoft (malwarebytes.com)
- Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic (darkreading.com)
- Feds issue Snatch ransomware alert as crims list new victim • The Register
- Alliance of 40 countries to vow not to pay ransom to cybercriminals, US says | Reuters
- SCARS™ CYBER BASICS: Ransomware (romancescamsnow.com)
- BazarCall Scams: Call Centers Playing A Roll In Phishing & Ransomware Attacks (romancescamsnow.com)
- Ransomware Guide – A U.S. Government Report – DHS CISA December 2020 (romancescamsnow.com)
- Catalog Of Social Engineering Traps, Attacks, And Scams (romancescamsnow.com)
Do You Need Support?
Get It Now!
SCARS provides the leading Support & Recovery program for relationship scam victims – completely FREE!
Our managed peer support groups allow victims to talk to other survivors and recover in the most experienced environment possible, for as long as they need. Recovery takes as long as it takes – we put no limits on our support!
SCARS is the most trusted support & education provider in the world. Our team is certified in trauma-informed care, grief counseling, and so much more!
To apply to join our groups visit support.AgainstScams.org
We also offer separate support groups for family & friends too.
Become a
SCARS STAR™ Member
SCARS offers memberships in our STAR program, which includes many benefits for a very low annual membership fee!
SCARS STAR Membership benefits include:
- FREE Counseling or Therapy Benefit from our partner BetterHelp.com
- Exclusive members-only content & publications
- Discounts on SCARS Self-Help Books Save
- And more!
To learn more about the SCARS STAR Membership visit membership.AgainstScams.org
To become a SCARS STAR Member right now visit join.AgainstScams.org
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment below!
Article Rating
Table of Contents
POPULAR ARTICLES
RATE THIS ARTICLE?
LEAVE A COMMENT?
Recent Comments
On Other Articles
on Scam Victim’s/Survivor’s Guide To Writing Your Own Book About Your Experience – For Healing & Profit – 2024: “I have a friend who has suggested that I write a book about my story, a few times. Just the…” Jun 15, 23:02
on Trauma Grief & Humor As A Coping Mechanism: “My sense of humor has, at times, been what’s pulled me up and helped me cope. In the early stages…” Jun 15, 22:53
on Differences Between Men & Women Scam Victims: “This is very helpful in understanding the differences experienced by men and women. It is sad that most men are…” Jun 15, 22:21
on Sending A Letter To Your Scammer – Getting The Last Word – 2024: “I sent the email and I have to say, I feel a sense of relief. I truly hope there’s no…” Jun 15, 22:04
on Forgiveness and Scams – Why It Matters So Much!: “Forgiveness is one of the hardest parts of recovery for me. That includes forgiving myself along with the scammers. It…” Jun 15, 21:33
on Buried Cell Phones/Smartphones & Hidden Cameras – New Cybercrime – Cyber Surveillance by Local Criminals – 2025: “This is beyond concerning. To be tracked at your home is obviously a huge violation of privacy. Thank you for…” Jun 13, 06:56
on Scam Victim’s Learning Process [INFOGRAPHIC]: “The commitment to learning and recovering from the scam is indeed overwhelming. At first I struggled to comprehend the material…” Jun 12, 20:54
on Victim’s Bias – A Cognitive Bias Affecting Crime Victims: “I did in the early days after my crime ended tend to think only another crime victim would understand me…” Jun 9, 19:52
on Long Term Fear & Phobias From Scam Victim Trauma 2021 [UPDATED 2024]: “Great article, well written! I especially liked the short video at the end about trauma and our ANS. I need…” Jun 9, 19:00
on Victim Expectations And Recovery Failure: “I have made the commitment to learn as much as I can about myself, the criminal’s tactics, and how I…” Jun 9, 16:35
Important Information for New Scam Victims
- Please visit www.ScamVictimsSupport.org – a SCARS Website for New Scam Victims & Sextortion Victims
- Enroll in FREE SCARS Scam Survivor’s School now at www.SCARSeducation.org
- Please visit www.ScamPsychology.org – to more fully understand the psychological concepts involved in scams and scam victim recovery
If you are looking for local trauma counselors please visit counseling.AgainstScams.org or join SCARS for our counseling/therapy benefit: membership.AgainstScams.org
If you need to speak with someone now, you can dial 988 or find phone numbers for crisis hotlines all around the world here: www.opencounseling.com/suicide-hotlines
A Note About Labeling!
We often use the term ‘scam victim’ in our articles, but this is a convenience to help those searching for information in search engines like Google. It is just a convenience and has no deeper meaning. If you have come through such an experience, YOU are a Survivor! It was not your fault. You are not alone! Axios!
A Question of Trust
At the SCARS Institute, we invite you to do your own research on the topics we speak about and publish, Our team investigates the subject being discussed, especially when it comes to understanding the scam victims-survivors experience. You can do Google searches but in many cases, you will have to wade through scientific papers and studies. However, remember that biases and perspectives matter and influence the outcome. Regardless, we encourage you to explore these topics as thoroughly as you can for your own awareness.
Statement About Victim Blaming
Some of our articles discuss various aspects of victims. This is both about better understanding victims (the science of victimology) and their behaviors and psychology. This helps us to educate victims/survivors about why these crimes happened and to not blame themselves, better develop recovery programs, and to help victims avoid scams in the future. At times this may sound like blaming the victim, but it does not blame scam victims, we are simply explaining the hows and whys of the experience victims have.
These articles, about the Psychology of Scams or Victim Psychology – meaning that all humans have psychological or cognitive characteristics in common that can either be exploited or work against us – help us all to understand the unique challenges victims face before, during, and after scams, fraud, or cybercrimes. These sometimes talk about some of the vulnerabilities the scammers exploit. Victims rarely have control of them or are even aware of them, until something like a scam happens and then they can learn how their mind works and how to overcome these mechanisms.
Articles like these help victims and others understand these processes and how to help prevent them from being exploited again or to help them recover more easily by understanding their post-scam behaviors. Learn more about the Psychology of Scams at www.ScamPsychology.org
Psychology Disclaimer:
All articles about psychology and the human brain on this website are for information & education only
The information provided in this article is intended for educational and self-help purposes only and should not be construed as a substitute for professional therapy or counseling.
While any self-help techniques outlined herein may be beneficial for scam victims seeking to recover from their experience and move towards recovery, it is important to consult with a qualified mental health professional before initiating any course of action. Each individual’s experience and needs are unique, and what works for one person may not be suitable for another.
Additionally, any approach may not be appropriate for individuals with certain pre-existing mental health conditions or trauma histories. It is advisable to seek guidance from a licensed therapist or counselor who can provide personalized support, guidance, and treatment tailored to your specific needs.
If you are experiencing significant distress or emotional difficulties related to a scam or other traumatic event, please consult your doctor or mental health provider for appropriate care and support.
Also read our SCARS Institute Statement about Professional Care for Scam Victims – click here to go to our ScamsNOW.com website.
Thank you for your comment. You may receive an email to follow up. We never share your data with marketers.