Hackers associated with "Scattered Spider" tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors
These threat actors have employed a sector-by-sector approach, initially targeting retail companies, such as M&S and Co-op, in the United Kingdom and the United States and subsequently shifting their focus to insurance companies.
While the threat actors were not officially named as responsible for insurance sector attacks at first, recent incidents have impacted Aflac, Erie Insurance, and Philadelphia Insurance Companies.
Hackers target the aviation industry
On June 12, Canada's second-largest airline, WestJet, suffered a cyberattack that briefly disrupted the company's internal services and mobile app.
Soon after the breach, sources told BleepingComputer that Palo Alto Networks and Microsoft were assisting in the response to the attack.
The attack was attributed to Scattered Spider, who allegedly compromised the company's data centers and its Microsoft Cloud environment.
BleepingComputer was informed that the threat actor gained access by performing a self-service password reset for an employee, which enabled them to register their own MFA and obtain remote access to the network through Citrix.
While other threat actors conduct identity attacks, Scattered Spider has become associated with this tactic due to their regular targeting of help desks and password and MFA infrastructure.
Today, Hawaiian Airlines also disclosed that they suffered a cyberattack but did not provide any details that could indicate who was behind the attack. However, a source told BleepingComputer that it is believed that the same threat actors are responsible.
... continue reading