Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms

Cybersecurity experts and federal authorities are sounding urgent alarms as the notorious Scattered Spider hackers have pivoted to targeting the aviation and transportation sectors, marking a dangerous escalation in their operations.

The FBI has confirmed that the cybercriminal group, also known as UNC3944, has expanded its targeting to include the airline sector, employing sophisticated social engineering techniques to breach major carriers and transportation firms. The warning comes as multiple high-profile incidents have rocked the industry in recent weeks.

Hawaiian Airlines disclosed a significant cybersecurity incident on Thursday that affected some of its IT systems, though the carrier emphasized that flights continue operating safely and on schedule.

The attack, first detected on June 23, prompted the airline to engage federal authorities and cybersecurity experts for investigation and remediation efforts.

Attack Targeting the Aviation Industry

Canadian airline WestJet faced a similar incident last week that caused outages for some of its systems and mobile app. The attack, which began on June 13, remained unresolved for more than a week, with investigations ongoing to assess whether sensitive customer data was compromised. Multiple incident responders have attributed both attacks to Scattered Spider operations.

Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.” The group has demonstrated a consistent pattern of focusing intensively on single industries before moving to new sectors.

“Given the habit of this actor to focus on a single sector, we suggest that the industry take steps immediately to harden systems,” Carmakal stated. The FBI is actively working with aviation and industry partners to address this activity and assist victims, urging prompt reporting of suspicious activity.

Scattered Spider relies heavily on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting unauthorized access. These attacks frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.

The group targets large corporations and their third-party IT providers, meaning anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. Once inside networks, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.

The aviation sector represents the latest target in Scattered Spider’s methodical campaign across industries. The group, believed to consist primarily of native English speakers from the United States and the United Kingdom, previously focused on retail companies before shifting to insurance firms earlier this month.

Their fluency in English gives them a significant edge in conducting convincing social engineering attacks against Western targets.

Mandiant has published hardening guidance based on thousands of hours of incident response experience. The guidance emphasizes the urgent need for organizations to tighten help desk identity verification processes prior to adding new phone numbers to employee accounts, resetting passwords, or providing employee information that could enable subsequent social engineering attacks.

Industry experts recommend training help desk staff to enforce robust identity verification processes and deploying phishing-resistant MFA to defend against these intrusions. Organizations should be particularly vigilant for sophisticated social engineering attacks and suspicious MFA reset requests.
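
As an added example of the monitoring recommended above (not part of the original article or of Mandiant's guidance), the Python below scans identity audit events for MFA enrollments that were performed by another account or that closely follow a help-desk-assisted password reset. The event schema, action names, account names and the 60-minute window are assumptions made for illustration, and the log lines are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit events; the schema is hypothetical, not a real product's.
SAMPLE_LOG = """\
{"ts":"2025-01-15T14:02:11","actor":"helpdesk.a","target":"j.doe","action":"password_reset"}
{"ts":"2025-01-15T14:09:40","actor":"helpdesk.a","target":"j.doe","action":"mfa_method_added"}
{"ts":"2025-01-15T15:30:00","actor":"m.lee","target":"m.lee","action":"mfa_method_added"}
{"ts":"2025-01-15T16:00:00","actor":"helpdesk.b","target":"k.roy","action":"password_reset"}
{"ts":"2025-01-15T16:12:00","actor":"k.roy","target":"k.roy","action":"mfa_method_added"}
{"ts":"2025-01-16T09:00:00","actor":"helpdesk.b","target":"p.kim","action":"password_reset"}
{"ts":"2025-01-17T10:00:00","actor":"p.kim","target":"p.kim","action":"mfa_method_added"}
"""

def parse_events(text):
    """Parse JSON-lines audit events and return them in time order."""
    events = []
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            event["ts"] = datetime.fromisoformat(event["ts"])
            events.append(event)
    return sorted(events, key=lambda e: e["ts"])

def flag_mfa_changes(events, window=timedelta(minutes=60)):
    """Flag MFA enrollments done by another account or soon after an assisted reset."""
    last_assisted_reset = {}  # target account -> time of last reset by someone else
    findings = []
    for e in events:
        target = e["target"]
        if e["action"] == "password_reset" and e["actor"] != target:
            last_assisted_reset[target] = e["ts"]
        elif e["action"] == "mfa_method_added":
            reasons = []
            if e["actor"] != target:
                reasons.append("enrolled_by_other_account")
            reset_ts = last_assisted_reset.get(target)
            if reset_ts is not None and e["ts"] - reset_ts <= window:
                reasons.append("follows_assisted_reset")
            if reasons:
                findings.append({"target": target, "actor": e["actor"],
                                 "ts": e["ts"].isoformat(), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in flag_mfa_changes(parse_events(SAMPLE_LOG)):
        print(finding)
```

Findings from a check like this are review leads for the help desk and security team, not proof of compromise; a legitimate new-hire or lost-phone workflow produces the same sequence.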

As Scattered Spider continues its aggressive campaign, the aviation industry faces an unprecedented cybersecurity challenge that demands immediate action to protect critical infrastructure and passenger data.


The post Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms appeared first on Cyber Security News.