InfoSecBulletin Cybersecurity for mankind
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a significant increase in their activities.
The FBI has announced that the cybercriminal group UNC3944 is now targeting the airline industry using advanced social engineering to attack major carriers. This alert follows several significant incidents affecting the sector recently.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Hawaiian Airlines disclosed a significant cybersecurity incident on Thursday that affected some of its IT systems, though the carrier emphasized that flights continue operating safely and on schedule.
The attack, discovered on June 23, led the airline to involve federal authorities and cybersecurity experts for investigation and resolution.
Attack Targeting the Aviation Industry:
WestJet experienced system outages last week due to an attack that started on June 13. The issue persisted for over a week, with investigations ongoing to check if customer data was compromised. Incident responders link both attacks to Scattered Spider.
Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.” The group has demonstrated a consistent pattern of focusing intensively on single industries before moving to new sectors.
“Given the habit of this actor to focus on a single sector, we suggest that the industry take steps immediately to harden systems,” Carmakal stated. The FBI is actively working with aviation and industry partners to address this activity and assist victims, urging prompt reporting of suspicious activity.
Scattered Spider uses social engineering to mimic employees or contractors, tricking IT help desks into giving unauthorized access. They often bypass multi-factor authentication (MFA) by persuading help desks to add unauthorized MFA devices to hacked accounts.
The group targets large corporations and their third-party IT providers, meaning anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. Once inside networks, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.
Mandiant has shared hardening advice from extensive incident response work. They stress the importance of improving identity verification for help desks before changing employee accounts, resetting passwords, or sharing any sensitive information.
Experts suggest training help desk staff to enhance identity verification and using phishing-resistant MFA for protection. Organizations need to be cautious of advanced social engineering attacks and unusual MFA reset requests.
Scattered Spider’s aggressive actions pose a serious cybersecurity threat to the aviation industry, requiring urgent measures to safeguard infrastructure and passenger information.
