Prolific cybercriminal group now targeting aviation, transportation companies

Driving the news: Hawaiian Airlines said Thursday it's addressing a "cybersecurity incident" that affected some of its IT systems.

• Canadian airline WestJet faced a similar incident last week that caused outages for some of its systems and mobile app.
• A source familiar with the incidents told Axios that Scattered Spider was likely behind the WestJet incident.
• Josh Yeats, a WestJet spokesperson, told Axios that the company has made "significant progress" to resolve the incident, but did not answer questions about Scattered Spider's possible involvement.

What they're saying: Charles Carmakal, the chief technology officer at Google's Mandiant Consulting, said in an emailed statement that the company is "aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider."

• "We are still working on attribution and analysis, but given the habit of this actor to focus on a single sector we suggest that the industry take steps immediately to harden systems," Carmakal said.
• Palo Alto Networks also said they saw evidence of these hackers targeting the aviation sector.

• "Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests," Sam Rubin, senior vice president of consulting and threat intelligence at Palo Alto Networks' Unit 42, said on LinkedIn.

Between the lines: Scattered Spider both exploits known security vulnerabilities and uses social engineering tactics.

• Despite making some arrests in the fall, U.S. law enforcement has struggled to rein in the group's activity.

Go deeper: Cyberattacks hit retailers at the worst time