Abian Morina
Abian Morina is a Threat Researcher on Permiso Security’s P0 Labs team. He began hacking by modifying video games, a curiosity that evolved into a cybersecurity career. As a senior member of the Kosova Cyber Team, he proudly represents his country on the international stage at the European Cybersecurity Challenge. He also contributes to the community through public speaking and open-source tooling.
Mr.Morina holds a Bachelor’s in Computer Science and now is pursuing a Master’s in Cybersecurity.
Session
LUCR-3 better known as Scattered Spider has surged back in 2025, pivoting its social-engineering playbook from last year’s casino breaches to fresh waves against the insurance, retail and aviation sectors. Within a single June week, LUCR-3 struck several insurers, disrupting airline back-office systems, and a spring ransomware campaign devastated big-box retailers.
Still leveraging push-fatigue MFA bombing, SIM-swapping and help-desk impersonation, LUCR-3 now systematically abuses third-party IT providers to fan out across IaaS, SaaS and PaaS estates living off the land in cloud logs to stay invisible until ransom day. Permiso's P0 Labs has been monitoring LUCR-3's activities for over two years, documenting their evolving tactics, techniques, and procedures (TTPs). This session will delve into LUCR-3's latest strategies and provide actionable insights for cloud defenders to detect and mitigate such threats effectively.
Attendees will gain an understanding of many of Scattered Spider’s notable TTPs, with a specific technical focus on those targeting the SaaS and IaaS layers. While Scattered Spiders’ TTPs range widely, their persistence and focus is anything but scattered.