68°
The FBI has issued a warning about Scattered Spider, a hacking group that has expanded its operations to include major US airlines and their vendors.
The group is known for using convincing impersonation tactics to access corporate networks, often bypassing multi-factor authentication by tricking IT staff into adding unauthorized devices.
Scattered Spider impersonates employees or contractors to deceive help desks.
"These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts," the FBI posted on Facebook. "They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk."
Once inside, the hackers steal sensitive data for extortion and may deploy ransomware. The FBI is working with aviation industry partners to reduce the threat and urged potential victims to report incidents early.
Scattered Spider became known globally after claiming responsibility for an April attack against British retailer Marks & Spencer. The ransomware breach is estimated to have caused $600 million in damage, Forbes reported.
Investigators say the group's tactics include phishing, deepfake impersonation, and even video calls to manipulate IT staff. According to cybersecurity firm ReliaQuest, 81% of domains used by Scattered Spider impersonate technology vendors.
Scattered Spider is financially motivated and linked to ransomware groups like ALPHV and RansomHub, according to Forbes. ReliaQuest also said the hackers often recruit "social engineers with highly specific qualifications," including fluency in English and Western time zone availability.
The hackers also require the ability to convincingly imitate corporate staff.
"Callers are also provided with detailed scripts and real-time guidance from a so-called curator to help them handle any situation during the call," ReliaQuest's report said.
While the FBI warning focused on aviation, experts say the threat is growing to the insurance industry.
"Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity," said John Hultquist, chief analyst with the Google Threat Intelligence Group.
The FBI urges anyone working in or around the airline industry, especially in IT, customer support, or vendor roles, to report suspicious activity immediately.
"The FBI is actively working with aviation and industry partners to address this activity and assist victims," the bureau posted. "Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise."
You can report cybersecurity threats on the FBI's website.
Click here to follow Daily Voice Mechanicsville and receive free news updates.
