In August 2023, the Scattered Spider group orchestrated a devastating social engineering attack against Clorox that resulted in approximately $380 million in damages, demonstrating how a simple phone call can lead to catastrophic business disruption .
Modus operandi
The attackers bypassed sophisticated cybersecurity measures through old-fashioned social engineering, repeatedly calling Cognizant’s service desk and impersonating locked-out Clorox employees . Rather than exploiting technical vulnerabilities, they manipulated human psychology, using calm, scripted conversations to convince frontline agents to reset passwords and multi-factor authentication without proper verification .
According to court filings, the attackers conducted thorough reconnaissance, collecting employee names, titles, recent hires, and internal ticket references to make their impersonation attempts more convincing . The legal complaint alleges that Cognizant agents violated agreed procedures by resetting credentials without properly authenticating callers first .