InfoSecBulletin Cybersecurity for mankind
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a significant increase in their activities.
The FBI has announced that the cybercriminal group UNC3944 is now targeting the airline industry using advanced social engineering to attack major carriers. This alert follows several significant incidents affecting the sector recently.
First couple “Rosie” to conceive using AI tech “STAR” successfully
Scattered Spider Actively Attacking Aviation and Transportation: FBI
Russia’s restrictions on Cloudflare making websites inaccessible
61 million Verizon records allegedly posted online for sale
Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access
CISA Warns of FortiOS Hard-Coded Credentials Vulns
5 vendors’ printer totaling 748 models affected: Rapid7
Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543
SonicWall warns of a trojanized NetExtender stealing VPN logins
Hawaiian Airlines disclosed a significant cybersecurity incident on Thursday that affected some of its IT systems, though the carrier emphasized that flights continue operating safely and on schedule.
The attack, discovered on June 23, led the airline to involve federal authorities and cybersecurity experts for investigation and resolution.
Attack Targeting the Aviation Industry:
WestJet experienced system outages last week due to an attack that started on June 13. The issue persisted for over a week, with investigations ongoing to check if customer data was compromised. Incident responders link both attacks to Scattered Spider.
Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.” The group has demonstrated a consistent pattern of focusing intensively on single industries before moving to new sectors.
“Given the habit of this actor to focus on a single sector, we suggest that the industry take steps immediately to harden systems,” Carmakal stated. The FBI is actively working with aviation and industry partners to address this activity and assist victims, urging prompt reporting of suspicious activity.
Scattered Spider uses social engineering to mimic employees or contractors, tricking IT help desks into giving unauthorized access. They often bypass multi-factor authentication (MFA) by persuading help desks to add unauthorized MFA devices to hacked accounts.
The group targets large corporations and their third-party IT providers, meaning anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. Once inside networks, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.
Mandiant has shared hardening advice from extensive incident response work. They stress the importance of improving identity verification for help desks before changing employee accounts, resetting passwords, or sharing any sensitive information.
Experts suggest training help desk staff to enhance identity verification and using phishing-resistant MFA for protection. Organizations need to be cautious of advanced social engineering attacks and unusual MFA reset requests.
Scattered Spider’s aggressive actions pose a serious cybersecurity threat to the aviation industry, requiring urgent measures to safeguard infrastructure and passenger information.
