Cybersecurity specialists and federal agencies are raising urgent warnings as the notorious
hacking group Scattered Spider shifts its focus toward the aviation and transportation industries. This move signals a troubling escalation in their activities.
The FBI has confirmed that this cybercriminal group, also identified as UNC3944, is now targeting airlines and transportation firms using advanced social engineering tactics. The warning comes in the wake of several high-profile attacks in recent weeks.
Hawaiian Airlines revealed on Thursday that it experienced a major cybersecurity incident affecting parts of its IT systems. However, the airline assured the public that all flights remain safe and continue to operate as scheduled. The breach was detected on June 23, prompting the company to enlist the help of federal authorities and cybersecurity experts to investigate and mitigate the threat.
In another case, Canadian airline WestJet suffered a cyberattack on June 13 that caused disruptions to some systems and its mobile app. The issue remained unresolved for over a week. Investigators are still working to determine whether customer data was compromised. Cybersecurity responders believe both incidents are linked to Scattered Spider.
Charles Carmakal, Chief Technology Officer at Mandiant Consulting, part of Google Cloud, confirmed that multiple attacks on transportation and airline firms bear the hallmarks of Scattered Spider operations. He noted the group’s tendency to concentrate on one industry at a time before switching to another.
Given this pattern, Carmakal urged the aviation industry to take immediate steps to strengthen cybersecurity defenses. The FBI is working closely with aviation companies and other industry stakeholders to support ongoing investigations and help potential victims. Authorities also urge companies to report suspicious activity without delay.
Scattered Spider is known for its use of social engineering tactics. The group often impersonates employees or contractors and deceives IT help desks into granting access to internal systems. A common method involves bypassing multi-factor authentication by persuading help desks to register unauthorized devices or reset security settings.
Their operations typically involve compromising large corporations and their third-party IT service providers. This makes vendors and contractors within the airline ecosystem potential targets. Once inside, the attackers steal sensitive data for extortion and may deploy ransomware as part of the attack.
The aviation sector is now the latest focus in a series of carefully planned campaigns. Previously, Scattered Spider targeted retail companies, then shifted to the insurance industry earlier this month. The group is believed to include native English speakers from the United States and the United Kingdom, giving them an advantage in creating convincing messages during social engineering attacks.
To combat the threat, Mandiant has released detailed hardening recommendations based on extensive incident response experience. The guidance advises companies to strengthen identity verification procedures, especially when adding phone numbers, resetting passwords, or disclosing employee information.
Experts also recommend training help desk staff to spot and respond to fraudulent requests and encouraging the use of phishing-resistant authentication tools. Organizations should stay alert for social engineering tactics and unexpected multi-factor authentication reset attempts.
With Scattered Spider expanding its operations, the aviation industry faces a serious cybersecurity risk that requires urgent and coordinated action to safeguard systems and protect passenger data.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
