On June 27, 2025, the Federal Bureau of Investigation (FBI) issued a warning on X to the airline and transportation sectors that the notorious cyber criminal ring Scattered Spider is attacking those sectors.
The warning states:
These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts. They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.
Palo Alto’s Unit 42 and Mandiant have confirmed seeing activity by Scattered Spider in these sectors. Mandiant has said “This means that organizations can take proactive steps like training their help desk staff to enforce robust identity verification processes and deploying phishing-resistant MFA [multi-factor authentication] to defend against these intrusions.”
Mandiant has issued a Hardening Guide specifically for Scattered Spider, which provides helpful information to plan, prepare, mitigate, and recover from a Scattered Spider attack. Consider the warning from the FBI, confirmed by Palo Alto and Mandiant, and proactively implement strategies to prevent an attack from social engineering.
[View source.]
