InfoSecBulletin Cybersecurity for mankind
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a significant increase in their activities.
The FBI has announced that the cybercriminal group UNC3944 is now targeting the airline industry using advanced social engineering to attack major carriers. This alert follows several significant incidents affecting the sector recently.
AMD discloses 4 new CPU flaws Affecting Many CPUs
GitLab patched XSS and Authorization Bypass Flaws
CVE-2025-7206
Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow
Urgently patch now: Zoom Patches 6 Flaws
Whatsapp rival ‘Bitchat’, message without internet
Splunk Addresses Third-Party Package Vulns in SOAR Versions
Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs
CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb
Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws
Android malware Anatsa infiltrates Google Play targeting banks worldwide
Hawaiian Airlines disclosed a significant cybersecurity incident on Thursday that affected some of its IT systems, though the carrier emphasized that flights continue operating safely and on schedule.
The attack, discovered on June 23, led the airline to involve federal authorities and cybersecurity experts for investigation and resolution.
Attack Targeting the Aviation Industry:
WestJet experienced system outages last week due to an attack that started on June 13. The issue persisted for over a week, with investigations ongoing to check if customer data was compromised. Incident responders link both attacks to Scattered Spider.
Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.” The group has demonstrated a consistent pattern of focusing intensively on single industries before moving to new sectors.
“Given the habit of this actor to focus on a single sector, we suggest that the industry take steps immediately to harden systems,” Carmakal stated. The FBI is actively working with aviation and industry partners to address this activity and assist victims, urging prompt reporting of suspicious activity.
Scattered Spider uses social engineering to mimic employees or contractors, tricking IT help desks into giving unauthorized access. They often bypass multi-factor authentication (MFA) by persuading help desks to add unauthorized MFA devices to hacked accounts.
The group targets large corporations and their third-party IT providers, meaning anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. Once inside networks, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.
Mandiant has shared hardening advice from extensive incident response work. They stress the importance of improving identity verification for help desks before changing employee accounts, resetting passwords, or sharing any sensitive information.
Experts suggest training help desk staff to enhance identity verification and using phishing-resistant MFA for protection. Organizations need to be cautious of advanced social engineering attacks and unusual MFA reset requests.
Scattered Spider’s aggressive actions pose a serious cybersecurity threat to the aviation industry, requiring urgent measures to safeguard infrastructure and passenger information.
