New Extortion Crews Target U.S. Critical Infrastructure in Rapid Attacks

Crime & Security · AI-Generated & Algorithmically Scored

AI-generated from multiple sources. Verify before acting on this reporting.

WASHINGTON — Two new cybercriminal groups, identified as Cordial Spider and Snarky Spider, are launching coordinated extortion campaigns against U.S. critical infrastructure organizations, security officials said Wednesday. The groups, affiliated with the criminal network known as The Com, are replicating the operational playbook of the notorious Scattered Spider group but accelerating the pace of attacks to maximize data theft and financial pressure.

The campaigns, which began in late April 2026, target a wide range of sectors including energy, transportation, and healthcare. Unlike previous iterations of similar threats, these crews are focusing on rapid data exfiltration followed by immediate ransom demands, a strategy designed to overwhelm incident response teams before they can contain breaches.

Security analysts describe the tactics as a direct evolution of the methods used by Scattered Spider, which gained notoriety in 2024 for targeting major technology and defense contractors. Cordial Spider and Snarky Spider are leveraging social engineering and credential stuffing to gain initial access, then moving laterally through networks to encrypt systems and steal sensitive data. The groups are demanding payments in cryptocurrency, threatening to publish stolen information if ransoms are not paid.

The attacks represent a significant escalation in the sophistication and speed of financially motivated cybercrime. U.S. organizations are being urged to review their security protocols, particularly regarding multi-factor authentication and employee training on phishing attempts. The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have issued alerts to critical infrastructure operators, warning of the emerging threat.

The groups are operating out of the United States, primarily targeting domestic organizations, but the impact of these attacks could ripple through global supply chains. The speed at which these crews are moving suggests a high level of coordination and resources, raising concerns about the potential for more widespread disruption.

As of Wednesday, no specific organizations have been publicly named as victims, though security firms have detected indicators of compromise across multiple sectors. The groups are believed to be operating in a decentralized manner, making it difficult for law enforcement to track their movements and dismantle their operations.

The emergence of Cordial Spider and Snarky Spider highlights the evolving nature of cyber threats and the need for continued vigilance among critical infrastructure operators. As these groups refine their tactics, the potential for significant financial and operational damage remains high. Authorities are working to identify the individuals behind the attacks and disrupt their operations, but the fast-paced nature of the campaigns presents a significant challenge.

The situation remains fluid, with security experts monitoring for new developments and potential targets. The question of whether these groups will expand their operations beyond the United States or target other critical sectors remains unanswered as the campaigns continue to unfold.