Expanding Focus Beyond Insurance and Retail
The cybercrime group known as Scattered Spider has expanded its operations to new industries. After targeting insurance and retail, they now focus on aviation and transportation firms. Notable past victims include Marks & Spencer, Co-op, and several major insurance providers like Aflac and Erie Insurance.
In June 2025, WestJet, Canada’s second-largest airline, suffered a cyberattack disrupting mobile services and internal systems. Microsoft and Palo Alto Networks assisted in the response. Reports linked the breach to Scattered Spider, who allegedly bypassed security using password reset and multi-factor authentication (MFA) manipulation. Hawaiian Airlines also experienced a similar incident, though details remain limited.
Threat Group Tactics and Industry Response
Scattered Spider, also called Muddled Libra or UNC3944, is known for advanced social engineering. They often manipulate help desk staff, gain control of MFA systems, and exploit self-service password reset tools. Their tactics include phishing, MFA fatigue attacks, SIM swapping, and identity fraud.
According to security leaders at Mandiant and Palo Alto Networks, these attacks show clear signs of sector-specific targeting. Companies must now secure password reset tools, enforce strict help desk identity checks, and protect access to critical infrastructure. Major firms like Google Cloud have issued guidelines to help organizations defend against these threats.
