Full Report
Hawaiian Airlines announced a cybersecurity incident Friday as security experts warned of a sector-wide threat. The post "Scattered Spider strikes again? Aviation industry appears to be next target for criminal group" appeared first on CyberScoop.
Analysis Summary
# Threat Actor: Scattered Spider (UNC3944 / Muddled Libra)
## Attribution & Identity
Attributed cybercriminal group known as Scattered Spider. Associated aliases include Muddled Libra and UNC3944 (as suggested by Mandiant).
## Activity Summary
The group is reportedly conducting a coordinated campaign that has shifted its focus to the aviation sector. Recent and earlier activities include:
- A cybersecurity incident disclosed by Hawaiian Airlines on Friday, June 27, 2025 (first detected June 23).
- A similar attack earlier this month on WestJet, which caused intermittent disruptions to its website and mobile application.
- Historical campaigns that intensively targeted the retail and insurance industries (e.g., attacks on Aflac and other prominent insurers).
## Tactics, Techniques & Procedures
- Sophisticated social engineering attacks.
- Targeting multi-factor authentication (MFA) systems, often through fraudulent reset requests.
- Methodical approach, focusing intensively on a single industry at a time.
## Targeting
- Sectors: Aviation/Transportation (current focus), Retail, Insurance (historical focus).
- Geography: Not explicitly detailed, but Hawaiian Airlines is US-based and WestJet is Canadian.
- Victims: Hawaiian Airlines, WestJet, Aflac, and other prominent insurers.
## Tools & Infrastructure
- Malware families used: Not specified in the text.
- Infrastructure (C2, domains, IPs): Not specified in the text.
## Implications
The apparent coordinated targeting of multiple airlines suggests a strategic pivot by Scattered Spider toward critical infrastructure sectors, posing a significant threat to global transportation stability. Their consistent tactics indicate a high likelihood of further attacks across the sector until defenses are hardened.
## Mitigations
- Maintain a high alert for sophisticated and targeted social engineering attacks.
- Monitor closely for suspicious MFA reset requests targeting organizational accounts.
- Organizations in the sector (aviation/transportation) should immediately take steps to harden systems.
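
One way to act on the MFA-reset monitoring item above, as an added example that comes from neither the CyberScoop article nor this summary: it correlates an MFA reset with a new factor enrollment and a login from a previously unseen IP inside a short window. The event schema, field names, 60-minute window and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumed correlation window; tune locally

# Constructed sample events (hypothetical schema, not from any real product).
EVENTS = [
    {"ts": "2025-06-23T09:00:00", "user": "alice", "type": "login", "ip": "10.0.0.5"},
    {"ts": "2025-06-23T13:02:00", "user": "alice", "type": "mfa_reset", "via": "helpdesk"},
    {"ts": "2025-06-23T13:06:00", "user": "alice", "type": "mfa_enroll", "device": "new-phone"},
    {"ts": "2025-06-23T13:09:00", "user": "alice", "type": "login", "ip": "203.0.113.44"},
    {"ts": "2025-06-23T10:00:00", "user": "bob", "type": "login", "ip": "10.0.0.9"},
    {"ts": "2025-06-23T14:00:00", "user": "bob", "type": "mfa_reset", "via": "self_service"},
    {"ts": "2025-06-23T14:05:00", "user": "bob", "type": "mfa_enroll", "device": "new-phone"},
    {"ts": "2025-06-23T14:10:00", "user": "bob", "type": "login", "ip": "10.0.0.9"},
]

def suspicious_mfa_resets(events, window=WINDOW):
    """Return alerts for resets followed, within `window`, by a new factor
    enrollment and a login from an IP the user had not used before."""
    alerts = []
    known_ips = {}   # user -> set of IPs seen so far
    pending = {}     # user -> state of the most recent reset
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        state = pending.get(user)
        if state and ts - state["ts"] > window:
            pending.pop(user)            # reset aged out without follow-up
            state = None
        if ev["type"] == "mfa_reset":
            pending[user] = {"ts": ts, "via": ev.get("via"), "enrolled": False}
        elif ev["type"] == "mfa_enroll" and state:
            state["enrolled"] = True
        elif ev["type"] == "login":
            seen = known_ips.setdefault(user, set())
            if state and state["enrolled"] and ev["ip"] not in seen:
                alerts.append({"user": user, "reset_at": state["ts"].isoformat(),
                               "via": state["via"], "new_ip": ev["ip"]})
                pending.pop(user)        # one alert per reset
            seen.add(ev["ip"])
    return alerts

if __name__ == "__main__":
    for alert in suspicious_mfa_resets(EVENTS):
        print(alert)
```

In the constructed data only the help-desk reset for `alice` alerts; `bob` resets and re-enrolls but logs in from an address already on record, so he is not flagged.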