Scattered Spider, a teenage hacking collective, has shifted its focus from high-profile UK retailers like Marks & Spencer and Co-op to targets in the airline sector, as disclosed by Google Cloud's Mandiant analysts. This escalation suggests a potential compromise of third-party IT suppliers. Mandiant's Charles Carmakal emphasized the importance of proactive security measures, such as employee training on identity verification and adopting phishing-resistant MFA, to defend against these persistent intrusions. The group’s activities have begun to impact US airlines like Hawaiian Airlines and WestJet.
"Mandiant is aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider," said Charles Carmakal, chief technology officer at Mandiant Consulting.
"The actor's core tactics, techniques, and procedures have remained consistent. This means that organisations can take proactive steps like training their help desk staff to enforce robust identity verification processes and deploying phishing-resistant MFA to defend against these intrusions."
Should Mandiant's latest intelligence prove accurate, it would represent a clear escalation in Scattered Spider's activity and lend further weight to the theory that the group has successfully compromised one or more third-party IT suppliers.
Having made national headlines in the UK earlier with its audacious attacks on two of Britain's most recognisable High Street brands - the effects of which continue to linger - Scattered Spider then turned its attention to retailers in the United States before beginning to target insurance providers as well.