Scattered Lapsus$ Hunters seeks women to defraud helpdesks • The Register

Scattered Lapsus$ Hunters (SLSH), a prolific cybercrime group known for sophisticated social engineering attacks, is actively recruiting women to improve its helpdesk impersonation tactics, according to recent Telegram posts uncovered by security researchers.

The group is offering payments between $500 and $1,000 per successful call, depending on "success and hit rate," to individuals who can convincingly impersonate legitimate users when contacting IT helpdesk staff. Interested applicants are directed to message the group's "Support" account, where they'll undergo a screening process before receiving scripts for their calls.

This recruitment drive represents a calculated evolution in SLH's tactics," said Jeanette Miller-Osborn, field cyber intelligence officer at Dataminr. "By specifically seeking female voices, the group likely aims to bypass the 'traditional' profiles of attackers that IT helpdesk staff may be trained to identify, thereby increasing the effectiveness of their impersonation efforts."

SLSH has built a reputation for highly effective social engineering, particularly through its association with Scattered Spider, one of the groups forming the cybercrime triad. Security experts who have monitored Scattered Spider's operations report that their tactics are sophisticated and consistently successful at deceiving helpdesk personnel into providing credentials or access to organizational networks.

The timing of this recruitment drive aligns with SLSH's established modus operandi of targeting IT helpdesks to obtain credentials that enable network access. By expanding their pool of potential social engineers to include female voices, the group appears to be adapting to security awareness training that may have made male voices more suspicious to helpdesk staff.

Organizations are being advised to update their helpdesk protocols in response to these evolving tactics. Miller-Osborn recommends implementing additional verification measures, such as video calls or secondary internal verification processes, to confirm the identity of individuals requesting assistance or access.

This recruitment effort is part of a broader pattern of crowdsourcing tactics employed by SLSH. In October, the group used Telegram to offer $10 in Bitcoin to anyone willing to "endlessly harass" executives at organizations it was attempting to extort. The message explicitly instructed participants to continue emailing executives until they complied with the group's demands, with instructions to stop when directed.

When contacted by The Register about the harassment campaign's effectiveness, SLSH claimed to have "practically paid out over $1,000" within the first few days, though these claims remain unverified.

The group's willingness to pay substantial sums for successful social engineering calls underscores the profitability of their criminal operations. With organizations increasingly aware of traditional social engineering tactics, SLSH's adaptation to include female voices represents a concerning evolution in cybercrime methodology.

Security experts emphasize that this development highlights the need for organizations to regularly update their security awareness training and verification procedures. As cybercriminals continue to refine their techniques and expand their recruitment pools, static security measures become increasingly vulnerable to exploitation.

The recruitment drive also raises questions about the ethical implications of involving individuals in criminal activities through financial incentives, particularly when targeting helpdesk staff who may be following established protocols in good faith.

For IT departments and security teams, the message is clear: traditional voice-based verification alone is no longer sufficient to prevent social engineering attacks. Organizations must implement multi-factor verification processes and ensure their staff remains aware of evolving threat actor tactics.

As cybercrime groups like SLSH continue to professionalize their operations and expand their recruitment efforts, the cybersecurity community faces an ongoing challenge in staying ahead of increasingly sophisticated social engineering techniques.