The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.——————————————————————————————————————————————————————The FBI reports that the cybercrime group [Scattered Spider](https://securityaffairs.com/176323/cyber-crime/scattered-spider-cybercrime-group-member-pleaded-guilty.html) is now targeting the airline sector.The cybercriminals are using social engineering techniques to gain access to target organizations by impersonating employees or contractors. In many cases, threat actors employed methods to bypass multi-factor authentication (MFA), by tricking victims’ help desk services to add unauthorized MFA devices to compromised accounts.*’These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.’ reads the [alert](https://x.com/FBI/status/1938746767031574565) published by the FBI on X. ‘They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.’*Scattered Spider is targeting large corporations and their third-party IT providers; every organization in the airline sector is a potential target, including trusted vendors and contractors.Scattered Spider steals data for extortion and often launches ransomware once inside. The FBI partners with the aviation industry to stop attacks and help victims. FBI recommends that quickly reporting helps the FBI act fast, share intel, and limit damage.*’Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims.’ continues the alert. ‘Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise.’*Recently, Unit 42 also warned that [Muddled Libra](https://unit42.paloaltonetworks.com/muddled-libra/) is targeting aviation with advanced social engineering and fake MFA reset attempts.*’Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry. Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.’ Palo Alto Networks Unit 42’s Sam Rubin [wrote](https://www.linkedin.com/feed/update/urn:li:activity:7344401358281719808/) on LinkedIn.*In May, Google [warned](https://securityaffairs.com/177974/cyber-crime/shields-up-us-retailers-scattered-spider-threat-actors.html) that the cybercrime group Scattered Spider behind [UK retailer attacks](https://securityaffairs.com/177784/data-breach/marks-and-spencer-confirms-data-breach-after-april-cyber-attack.html) is now targeting U.S. companies, shifting their focus across the Atlantic.Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, cybercrime)
Related Tags:
Octo Tempest
NAICS: 48 – Transportation
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 481 – Air Transportation
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 51 – Information
Roasted 0ktapus
Scattered Spider
Associated Indicators: