Add hackers to the list of those who aren’t thrilled with the US insurance business: Google Threat Intelligence Group warns that a new pattern is emerging, and hackers are now targeting US companies in the insurance industry.
Specifically, the concerns are centered on a group of teenagers and young adults called “Scattered Spider” (or UNC3944, or a number of other names).
The group directs its attention at one sector at a time, the researchers say, with indications pointing to insurance companies as their next target.
What to Know About the Threat
John Hultquist, Chief Analyst at Google Threat Intelligence Group (GTIG), told BleepingComputer about their concerns.
“Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry.” -Hultquist
This just in! View
the top business tech deals for 2025 👨💻
The specific concerns to keep an eye out for are potential social engineering attempts, likely aimed at help desks and call centers.
What’s Scattered Spider?
According to the US Department of Homeland Security, Scattered Spider is “a cybercriminal group that targets large companies and their contracted information technology (IT) help desks,” with data theft for extortion as its typical MO.
In the recent past, the group had targeted retail operations in the UK, followed by those in the US.
Just in June 2025, two insurance companies have disclosed that they’ve been impacted by cyberattacks. First, Philadelphia Insurance Companies (PHLY) says it discovered unauthorized access on its network, but was able to disconnect the affected systems before the issue spread.
During the same month, Erie Insurance suffered business disruptions, and soon said that the outage was caused by “unusual network activity.”
Staying Safe From Cybersecurity Threats in 2025
The Google team recommends keeping role-based indentities and strong authentication criteria such as password resets and multi-factor authentication.
Staying safe when the big threat is social engineering is tough, however: Workers will need to be trained to pay attention at all times for impersonation attempts that might arrive via SMS, phone calls, or messaging platforms.
For threats that target help desks, companies can try to stave off cyberattacks by reviewing how the service initially authenticates credentials before they’re reset. Plus, any process that highlights any logins from unusual sources may be useful for surfacing potential threats before they succeed.
