Abian Morina, Andi Ahmeti
20 September 2024 | Talks
Cloud Warfare: Grappling with Scattered Spider
LUCR-3, also known as Scattered Spider, is a highly persistent threat actor group notorious for their sophisticated cloud-focused attacks. Moving beyond typical cryptomining campaigns, LUCR-3 employs advanced techniques such as push fatigue attacks and SIM swapping to bypass multi-factor authentication (MFA). They have notably targeted major organizations, including MGM and Caesars in late 2023. This group effectively traverses various cloud service models (IaaS, SaaS, PaaS), infiltrating internal communications and SaaS platforms to gather crucial information. Permiso's P0 Labs has tracked LUCR-3 for over 1.5 years, offering detailed insights into their tactics, techniques, and procedures (TTPs). LUCR-3's relentless focus and sophisticated methods make them a significant threat to cloud environments.