Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Cyber Security. Show all posts

Office 365's Microsoft Defender Now Thwarts Email Bombing Assaults

 

Microsoft claims that the cloud-based email security suite Defender for Office 365 can now automatically detect and prevent email bombing attacks. 

Defender for Office 365 (previously known as Office 365 Advanced Threat Protection or Office 365 ATP) guards organisations working in high-risk industries and dealing with sophisticated attackers from malicious threats delivered via email messages, links, or collaboration tools.

"We're introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing," Redmond notes in a Microsoft 365 message center update. "This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new 'Mail Bombing' detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.”

In late June 2025, the new 'Mail Bombing' feature began to roll out, and by late July, it should be available to all organisations. All messages detected as being a part of a mail bombing operation will be automatically routed to the Junk folder, require no manual configuration, and be toggled on by default. 

Security operations analysts and administrators can now employ Mail Bombing as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting, the company announced over the weekend.

By leveraging specialised cybercrime services that can send a high number of emails or by subscribing to several newsletters, attackers can use mail bombing operations to bombard their targets' email inboxes with thousands or tens of thousands of messages in a matter of minutes.

In the majority of cases, the perpetrators' ultimate goal is to overwhelm email security systems as part of social engineering schemes, creating the way for malware or ransomware operations that can aid in the exfiltration of sensitive data from victims' compromised devices. 

Email bombing has been used in attacks by cybercrime and ransomware outfits for more than a year. It all started with the BlackBasta gang, who employed this approach to flood their victims' mailboxes with emails just minutes before beginning their attacks.

In order to deceive overwhelmed staff members into allowing remote access to their devices via AnyDesk or the integrated Windows Quick Assist application, they would follow up with voice phishing cold calls, pretending to be their IT support teams. Before unleashing ransomware payloads, the attackers would proceed laterally through corporate networks after penetrating their systems and deploying a variety of malicious tools and malware implants.

Chinese Scientists Develop Quantum-Resistant Blockchain Storage Technology

 

A team of Chinese researchers has unveiled a new blockchain storage solution designed to withstand the growing threat posed by quantum computers. Blockchain, widely regarded as a breakthrough for secure, decentralized record-keeping in areas like finance and logistics, could face major vulnerabilities as quantum computing advances. 

Typically, blockchains use complex encryption based on mathematical problems such as large-number factorization. However, quantum computers can solve these problems at unprecedented speeds, potentially allowing attackers to forge signatures, insert fraudulent data, or disrupt the integrity of entire ledgers. 

“Even the most advanced methods struggle against quantum attacks,” said Wu Tong, associate professor at the University of Science and Technology Beijing. Wu collaborated with researchers from the Beijing Institute of Technology and Guilin University of Electronic Technology to address this challenge. 

Their solution is called EQAS, or Efficient Quantum-Resistant Authentication Storage. It was detailed in early June in the Journal of Software. Unlike traditional encryption that relies on vulnerable math-based signatures, EQAS uses SPHINCS – a post-quantum cryptographic signature tool introduced in 2015. SPHINCS uses hash functions instead of complex equations, enhancing both security and ease of key management across blockchain networks. 

EQAS also separates the processes of data storage and verification. The system uses a “dynamic tree” to generate proofs and a “supertree” structure to validate them. This design improves network scalability and performance while reducing the computational burden on servers. 

The research team tested EQAS’s performance and found that it significantly reduced the time needed for authentication and storage. In simulations, EQAS completed these tasks in approximately 40 seconds—far faster than Ethereum’s average confirmation time of 180 seconds. 

Although quantum attacks on blockchains are still uncommon, experts say it’s only a matter of time. “It’s like a wooden gate being vulnerable to fire. But if you replace the gate with stone, the fire becomes useless,” said Wang Chao, a quantum cryptography professor at Shanghai University, who was not involved in the research. “We need to prepare, but there is no need to panic.” 

As quantum computing continues to evolve, developments like EQAS represent an important step toward future-proofing blockchain systems against next-generation cyber threats.

United States Imposes Ban on Russian Bulletproof Hosting Provider

 


There has been a considerable escalation in efforts by the United States towards combating cyber-enabled threats. As a result of the increase in efforts, the United States has officially blacklisted Aeza Group, a Russian supplier of bulletproof hosting services (BPH), two affiliated entities, and four individuals. 

There is mounting evidence that Aeza has played a crucial role in enabling cybercriminal operations by providing infrastructure specifically designed to conceal malicious activity from law enforcement scrutiny, as evidenced by the U.S. Department of the Treasury's announcement. As a result of U.S. officials' reports, Aeza Group has knowingly provided hosting services to a number of some of the biggest cybercrime syndicates, including those responsible for Medusa ransomware, Lumma information theft, and other disruptive malware. 

Aeza's platforms have reportedly been used by these threat actors to carry out large-scale attacks on key sectors like the U.S. defence industry, major technology companies, and other critical infrastructure sectors. In light of the sanctions, it has become increasingly apparent that bulletproof hosting providers play a crucial role in shielding cybercriminals and facilitating their ability to use malware, exfiltrate sensitive data, and compromise national security. 

As the U.S. government continues to seek to disrupt the digital infrastructure underpinning transnational cybercrime, this latest designation is a stronger indication that it is willing to hold service providers accountable for their involvement in criminal activity through the enforcement of laws. Among the sanctions announced by the United States Department of the Treasury's Office of Foreign Assets Control (OFAC) in response to an intensified crackdown on transnational cybercrime networks, the Aeza Group, a company based in Russia that offers bulletproof hosting (BPH) services. 

According to the company's allegations, it provides digital infrastructure that allows cybercriminals to conduct ransomware attacks anonymously, spread malware, and steal data from U.S. companies and critical sectors. Aeza Group has been implicated in supporting illicit online activity, according to OFAC. Aeza Group rents IP addresses, servers, and domains to cybercriminals at a nominal price, thereby allowing them to conduct illicit online activity with minimal compliance or monitoring. These are services that are highly sought after in the cybercrime underground. 

The bulletproof platforms on which these websites run are deliberately designed to resist efforts by law enforcement to take them down. Thus, they serve as a shield for cyber actors that engage in widespread fraud, ransomware deployment, and the operation of darknet markets. As a result of this move, the United States has emphasised a strategy to dismantle the infrastructure that supports global cyber threats by not only focusing on perpetrators but also on the enablers behind the scenes as well. 

According to U.S. authorities, in addition to earlier enforcement actions targeting cyber infrastructure, the Aeza Group—an online bulletproof hosting provider in Russia—along with two affiliated companies and four of its top executives, has been sanctioned by the agency. A major effort is being made to dismantle the backend services that enable cybercriminals to operate across borders, evading detection, as well as dismantle the backend services that allow them to do so. 

According to the U.S. Department of the Treasury U.S. has determined that the Aeza Group has deliberately contributed to the facilitation of a range of malicious activities by providing resilient hosting infrastructure — such as IP addresses, server space, and domain registration — that has made it possible for bad actors to conduct themselves with impunity. 

It has been reported that users of the platform include hackers involved in the malware and ransomware Medusa, which has been targeting critical sectors such as the defence industry and major technology companies. Having shielded its customers from accountability, Aeza has established itself as an important player within the cybercrime ecosystem. 

Aeza's designation is part of a broader strategic approach by the United States and international partners to disrupt the digital safe havens that support everything from ransomware attacks to darknet market operations, signalling that the providers of services will face severe consequences if they are complicit in the perpetration of such crimes. 

As part of its ongoing efforts to fight cybercrime, the Office of Foreign Assets Control at the U.S Department of the Treasury confirmed that Aeza Group has provided hosting infrastructure and technical support to several high-profile cybercriminals. This announcement further expands the scope of our efforts to combat cybercrime. 

Several individuals are involved in the operations, including those behind the Meduza, RedLine, and Lumma infostealers, as well as the BianLian ransomware group and BlackSprut, a highly influential Russian darknet marketplace specialising in illicit drug distribution. It has been reported that Lumma had infected approximately 10 million systems worldwide before it was taken down in May by a coordinated international response team. 

In addition to the sanctions against Aeza Group, there has been a broad global crackdown on cybercrime that has led to the arrest of prolific cybercriminals and the dismantling of key services throughout the world. Law enforcement agencies have conducted synchronised operations in recent months that have resulted in a series of arrests and the dismantling of key services across the world. There are several types of cybercriminal activity involving the use of information stealers, malware loaders, counter-virus and encryption services, ransomware networks, cybercrime marketplaces, and distributed denial-of-service (DDoS) platforms. 

As a result, the entire digital infrastructure that underpins transnational cybercriminal activities has been significantly disrupted. There is a growing concern about Aeza Group, a British technology company that has directly supported cyberattacks against U.S. defence contractors and major technology companies, as the company has been accused of facilitating hostile cyber operations. 

In a statement issued by the acting undersecretary of the United States Treasury for Terrorism and Financial Intelligence, Bradley T Smith pointed out that bulletproof hosting providers, such as Aeza, continue to play a crucial role in helping to facilitate ransomware deployment, intellectual property theft, and the sale of illicit drugs online by offering services that are designed in a way so as not to be interfered with by law enforcement. 

The OFAC has sanctioned Aeza Group, as well as designated four individuals to serve in leadership roles at the company. They include part-owners such as Arsenii Aleksandrovich Penzev, Yurii Meruzhanovich Bozoyan, who were both previously detained for alleged involvement with the BlackSprut darknet platform, and others who were also sanctioned for their senior roles within the company. Igor Anatolyevich Knyazev and Vladimir Vyacheslavovich Gast were also sanctioned for their senior positions within the company. 

Aeza International, a UK-based company headquartered in London and its Russian subsidiaries, Aeza Logistic and Cloud Solution, have also been seized as part of the crackdown, as the United States is trying to dismantle the company's financial and operational infrastructure completely. Chainalysis, a blockchain analysis company that specialises in cryptocurrency transactions, has uncovered financial activity which is linked to Aeza Group, including cryptocurrency transactions in excess of $350,000, adding yet another layer of evidence against the bulletproof hosting provider. 

Aeza Group's TRON wallet address was found to have received a substantial amount of crypto payments through a corresponding wallet address, which then channelled the funds through a variety of deposit addresses on multiple cryptocurrency exchanges. 

There were also several illicit entities associated with these same addresses, including a darknet vendor that distributed stealer malware, the Russian cryptocurrency exchange Garantex, and a service used for escrowing items on an online gaming platform that is well-known. It was determined from Chainalysis that the designated wallet functioned as the administrative hub for Aeza's financial operations. 

Aeza's services were received directly, funds were processed from third-party payment systems, and profits were routed to crypto exchanges for withdrawal to be made. These functions were performed by the designated wallet, which served multiple functions. In addition, this financial pattern further strengthens the allegations that Aeza Group provided cybercriminals with technological infrastructure as well as actively managed and laundered proceeds from illicit transactions and that it maintained an active role in both these activities. 

As the United States sanctioned another bulletproof hosting provider based in Russia, Zservers, earlier this year, it was accused of supporting ransomware groups such as LockBit that were infected with malicious software. A comprehensive set of sanctions by U.S. authorities aimed at exposing and dismantling the financial and operational networks at the heart of cybercrime infrastructure is evident in their consistent approach. 

International enforcement bodies are sending a clear message by tracing digital payment flows and targeting the entities behind them by implementing direct and sustained pressure on the infrastructure and financial channels enabling cybercrime. International regulators and cybersecurity agencies have come to a deep consensus on how to combat cybercrime. 

At the moment, there is a growing consensus that combatting cybercrime requires us not only to pursue the threats but also to dismantle the enabling infrastructure that enables them. There is no doubt that cybercrime is becoming more decentralised, sophisticated, and financially self-sustaining, and that cyber defence must take action to target unrestricted service providers who operate with impunity to be effective. 

There are many companies, including web hosting companies and domain registrars, that may unknowingly or negligently contribute to the monetisation and concealment of illegal activity, as highlighted by the Aeza case. This case encourages vigilance throughout the digital supply chain, including third-party vendors and crypto platforms that may improperly monetise or conceal illegal activity. 

Considering the future, public and private stakeholders must prioritise collaboration, proactive threat detection, and strong compliance frameworks in order to reduce the systemic risks that can be posed by bulletproof hosting services, as well as other illicit enablers. Governments must continue aligning cross-border enforcement actions and sanctions to close jurisdictional gaps, while technology providers must invest in the tools and expertise required to detect abuse within their platforms so that the platform becomes more secure. 

As far as the Aeza takedown is concerned, it is not an isolated incident but rather one that clearly illustrates the world's cybercrime economy thrives in environments that lack oversight and accountability. In order to disrupt this ecosystem effectively, we must take a unified and sustained approach—one that considers infrastructure providers not only neutral intermediaries, but also potential co-conspirators when they profit from criminal acts.

Qantas Hit by Cyberattack Days After FBI Warning on Airline 2FA Bypass Threat

 

Just days after the FBI warned airlines about a surge in 2FA bypass attacks by the hacker group Scattered Spider, Australian airline Qantas has confirmed a major cybersecurity incident. The breach, which targeted a third-party platform used for customer service, has potentially exposed personal data—including names, emails, birth dates, and frequent flyer details—of up to six million customers. 

The attack exploited social engineering tactics, a signature method of Scattered Spider, where attackers impersonate staff to deceive IT help desks into granting unauthorized access. Brett Winterford of Okta described the group as a loosely organized, profit-driven collective that thrives on peer recognition and repeated attacks across successful sectors. In a July 4 statement, Qantas Group CEO Vanessa Hudson assured that no credit card, passport, or financial data was compromised, and Qantas’ core systems remain secure. 

The airline said it contained the breach on July 1 and is working with cybersecurity experts to complete a forensic investigation. Affected customers began receiving email notifications from July 3, with further updates promised on the exact data exposed. Hudson emphasized the company’s commitment to transparency and robust response efforts, saying, “We are treating this incredibly seriously and have implemented additional security measures.” 

Cybersecurity professionals, including ex-FBI agent Adam Marrè and OPSWAT's James Neilson, stressed the need for heightened vigilance in the aviation sector, especially during peak travel periods. Marrè urged organizations to strengthen supply chain defenses and advised consumers to verify all communications from airlines. 

Graylog’s Ross Brewer, a Qantas customer himself, noted that clear and precise communication from the airline is critical to avoiding unnecessary panic and maintaining public trust. With airlines holding vast stores of sensitive data, experts warn the industry is an increasingly attractive target for cybercriminals. The Qantas breach reinforces the FBI’s call for all sectors to evaluate their cybersecurity hygiene and response strategies without delay.

US Government Secretly Builds Enormous Database Tracking Citizens

 

An explosive story regarding the Trump administration's collaboration with Palantir, which could result in the creation of a master database containing data on every American, was released by the New York Times last month. If such a "master list" was created, the Times claims, it would grant the president "untold surveillance power." 

President Donald Trump signed an executive order earlier this year allowing the federal government to exchange data on Americans among multiple organisations. However, we now have a better idea of how the administration plans to accomplish this. Trump has hired Palantir, a software startup co-founded by Trump and Republican megadonor Peter Thiel, to carry out these initiatives. 

According to the New York Times, Palantir's technology would allow for the compilation of sensitive information from agencies such as the Department of Homeland Security, Immigration and Customs Enforcement, and the Internal Revenue Service. Various government databases already have information on Americans' bank account numbers, medical claims, disabilities, student loan levels, and other details, though not in one location. 

In order to boost government efficiency and save hard-earned public cash, the Trump administration has stated that it wants to "eliminate information silos and streamline data collection across all agencies." The threat of a central database, however, is a nightmare for privacy advocates and has even prompted security and privacy worries from former Palantir staff members. 

Palantir controversial role

Despite its reputation for being extremely covert about its data mining and spying activities, Palantir positions itself as a data and analytics firm. Additionally, Palantir has been under fire for offering information services to support the Israeli military during the Israel-Hamas conflict in 2023. The IDF receives intelligence services from Palantir, as CEO Karp has previously revealed.

Palantir has responded by defending its collaboration with Israel and refuting claims that it is supporting war crimes, as its most vocal detractors claim. As part of the Trump Administration's contentious policing and deportation initiatives, Palantir has also been called upon to assist U.S. Immigration and Customs Enforcement (ICE) in tracking immigrants in the United States. 

Why would the Trump Administration use Palantir to acquire data?

Palantir has already been contracted by the federal government for several years. For example, Palantir previously collaborated with Health and Human Services to track the COVID-19 pandemic. However, Palantir's stock and revenue have soared since Trump's inauguration earlier this year. To date, the federal government has given Palantir around $113 million in 2025.

Furthermore, last week, Palantir was given a $795 million contract by the Department of Defence. In 2024, Palantir earned $1.2 billion from the U.S. government, according to the company's last quarterly report. Furthermore, Thiel, a co-founder of Palantir, is a key Republican fundraiser. In addition to giving $1.25 million to Trump's 2016 campaign, he has contributed tens of millions of dollars to Republican congressional campaigns over the years.

How Ransomware Has Impacted Cyber Insurance Assessment Approach

How Ransomware Has Impacted Cyber Insurance Assessment Approach

Cyber insurance and ransomware

The surge in ransomware campaigns has compelled cyber insurers to rethink their security measures. Ransomware attacks have been a threat for many years, but it was only recently that threat actors realized the significant financial benefits they could reap from such attacks. The rise of ransomware-as-a-service (RaaS) and double extortion tactics has changed the threat landscape, as organizations continue to fall victim and suffer data leaks that are accessible to everyone. 

According to a 2024 threat report by Cisco, "Ransomware remains a prevalent threat as it directly monetizes attacks by holding data or systems hostage for ransom. Its high profitability, coupled with the increasing availability of ransomware-as-a-service platforms, allows even less skilled attackers to launch campaigns."

Changing insurance landscape due to ransomware

Cyber insurance is helping businesses to address such threats by offering services such as ransom negotiation, ransom reimbursement, and incident response. Such support, however, comes with a price. The years 2020 and 2021 witnessed a surge in insurance premiums. The Black Hat USA conference, scheduled in Las Vegas, will discuss how ransomware has changed businesses’ partnerships with insurers. Ransomware impacts an organization’s business model.

At the start of the 21st century, insurance firms required companies to buy a security audit to get a 25% policy discount. Insurance back then used to be a hands-on approach. The 2000s were followed by the data breach era; however, breaches were less common and frequent, targeting the hospitality and retail sectors. 

This caused insurers to stop checking for in-depth security audits, and they began using questionnaires to measure risk. In 2019, the ransomware wave happened, and insurers started paying out more claims than they were accepting. It was a sign that the business model was inadequate.

Questionnaires tend to be tricky for businesses to fill out. For instance, multifactor authentication (MFA) can be a complicated question to answer. Besides questionnaires, insurers have started using scans. 

Incentives to promote security measures

Threats have risen, but so have assessments, coverage incentives like vanishing retention mean that if policy users follow security instructions, retention disappears. Safety awareness training and patching vulnerabilities are other measures that can help in cost reductions. Scanning assessment can help in premium pricing, as it is lower currently. 

FBI Warns Airlines and Insurers as Scattered Spider Ransomware Attacks Surge

 

When the Federal Bureau of Investigation (FBI) sounds the alarm on cybersecurity, organizations should take immediate notice. The latest urgent warning involves the notorious Scattered Spider group, which has already made headlines for attacking major retailers such as Marks & Spencer in the U.K.—a breach estimated to have cost the company upwards of $600 million.

According to the FBI, this cybercriminal organization is now turning its focus to the airline sector, targeting companies both directly and by infiltrating their supply chains. A recent June 26 report by Halcyon ransomware analysts indicated Scattered Spider had expanded operations into the Food, Manufacturing, and Transportation sectors, especially Aviation. The FBI confirmed this, stating via email:

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.”

The agency also posted this statement on X, formerly Twitter, highlighting that the attackers use consistent tactics—namely social engineering. Scattered Spider often impersonates employees or contractors to manipulate IT help desks into granting unauthorized access. Their ultimate goal is to sidestep multi-factor authentication (MFA) by convincing support staff to register fraudulent MFA devices to compromised accounts.

This threat group has been on law enforcement radar for years. In 2023, the FBI and the Cybersecurity and Infrastructure Security Agency issued a joint advisory after Scattered Spider activity against commercial facilities escalated. Authorities are now working closely with aviation companies to counter this surge in attacks and assist any impacted organizations. The FBI urges anyone who suspects their business has been targeted to contact their local office without delay.

Meanwhile, the Reliaquest Threat Research Team has published a detailed profile of Scattered Spider, emphasizing that 81% of the group’s domains impersonate technology vendors. Their preferred victims are executives and system administrators with high-level credentials. Reliaquest reports that the attackers leverage sophisticated phishing frameworks such as Evilginx and even conduct video calls to deceive targets in industries like finance, technology, and retail.


Recent analysis has uncovered Scattered Spider’s connection to The Community, a loosely organized hacking collective. According to cybersecurity firm Reliaquest:

“Through strategic alliances with major ransomware operators ALPHV, RansomHub, and DragonForce…”

Scattered Spider has gained access to sophisticated tools and techniques, many of which originate from Russia-aligned and English-speaking threat actors. This collaboration has enabled the group to launch highly convincing impersonation campaigns targeting Western organizations.

Social Engineering with a Scripted Edge

To execute these campaigns more effectively, Scattered Spider actively recruits skilled social engineers. Their criteria are precise: candidates must speak native or regionally neutral English and be available during Western business hours. These operators are then equipped with:

Detailed call scripts tailored to the organization being targeted.

Real-time coaching, where a “curator” provides live guidance to handle unexpected situations during calls.

Reliaquest also noted that the group deliberately avoids targeting entities in Russia and the Commonwealth of Independent States, suggesting both geopolitical awareness and operational discipline.

Future Threat: AI-Enhanced Social Engineering


Looking ahead, Reliaquest warns that Scattered Spider is likely to adopt AI tools to further automate and scale their trust-based attacks.

While the FBI’s recent alert focused on threats to the transportation and aviation sectors, other industries are already feeling the impact. John Hultquist, Chief Analyst at Google Threat Intelligence Group, confirmed:

“We are aware of multiple intrusions in the U.S. that bear all the hallmarks of Scattered Spider activity.”

The insurance sector has emerged as a prominent new target. Jon Abbott, CEO of ThreatAware, emphasized:

“The rising tide of attacks on U.S. insurers is a serious threat that should not be underestimated.”

However, he also cautioned that this trend is not limited to insurers; organizations across all industries should take it as a warning.

Supply Chain Weakness: The Common Denominator


Many of these incidents share a dangerous pattern: attackers first compromise a smaller vendor or partner, then use that access to pivot into larger, more valuable targets.

Richard Orange, Vice President at Abnormal AI, echoed the FBI’s concerns:

“This group relies on social engineering rather than technical exploits.”

By posing as trusted contacts, attackers manipulate employees into granting access—allowing them to move laterally across networks, harvest credentials, and breach other departments or third-party systems.

Security First: Verify Every Request


Organisations are strongly advised to:

  1. Scrutinise all requests for changes to multi-factor authentication (MFA) settings.
  2. Enforce strict identity verification procedures, regardless of how convincing the caller may seem.
  3. In this evolving threat landscape, vigilance remains the strongest defense.

FBI Warns of Scattered Spider Cyberattacks on Airline and Transport Sectors

 

The FBI, along with top cybersecurity firms, has issued a fresh warning that the notorious hacking group Scattered Spider is expanding its targets to include the airline and broader transportation industries. In a statement released Friday and shared with TechCrunch, the FBI said it had “recently observed” cyber activity in the airline sector bearing the hallmarks of Scattered Spider’s tactics. 

Experts from Google’s Mandiant and Palo Alto Networks’ Unit 42 also confirmed they have identified attacks on aviation-related systems linked to the same group. Scattered Spider is widely known in cybersecurity circles as a loosely organized yet highly active group of hackers, believed to be comprised mainly of young, English-speaking individuals. Motivated largely by financial gain, the group is infamous for using sophisticated social engineering techniques, phishing campaigns, and even threats directed at corporate help desks to infiltrate systems. In some cases, their intrusions have led to the deployment of ransomware. 

The FBI’s alert highlighted the group’s pattern of targeting both major corporations and their third-party IT service providers. This broad approach means that anyone within the airline ecosystem from airline staff to external contractors could be a potential target. The warning follows a series of cyber incidents involving airlines. 

Hawaiian Airlines confirmed on Thursday that it was responding to a cyberattack affecting its systems. Meanwhile, Canadian carrier WestJet reported a breach on June 13 that is still ongoing. Media reports suggest that Scattered Spider may be responsible for the WestJet intrusion. 

This latest activity comes after a string of attacks by the group on other industries, including retail chains in the U.K. and several insurance companies. In the past, Scattered Spider has also been linked to breaches involving casinos, hotel groups, and large tech firms. Cybersecurity professionals warn that the group’s evolving methods and willingness to exploit human vulnerabilities make them a significant threat across sectors, especially industries reliant on large-scale digital infrastructure and third-party vendors.