The FBI warns that Scattered Spider is now targeting the airline sector

The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.

The FBI reports that the cybercrime group Scattered Spider is now targeting the airline sector.

The cybercriminals are using social engineering techniques to gain access to target organizations by impersonating employees or contractors. In many cases, threat actors employed methods to bypass multi-factor authentication (MFA), by tricking victims’ help desk services to add unauthorized MFA devices to compromised accounts.

“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.” reads the alert published by the FBI on X. “They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”

Scattered Spider is targeting large corporations and their third-party IT providers; every organization in the airline sector is a potential target, including trusted vendors and contractors.

Scattered Spider steals data for extortion and often launches ransomware once inside. The FBI partners with the aviation industry to stop attacks and help victims. FBI recommends that quickly reporting helps the FBI act fast, share intel, and limit damage.

“Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims.” continues the alert. “Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise.”

Recently, Unit 42 also warned that Muddled Libra is targeting aviation with advanced social engineering and fake MFA reset attempts.

“Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry. Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.” Palo Alto Networks Unit 42’s Sam Rubin wrote on LinkedIn.

In May, Google warned that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. companies, shifting their focus across the Atlantic.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)