The FBI issues a dispersed spider attack warning.
Update, June 29, 2025: This story, initially published on June 28, has been updated with comments from experts from cybersecurity professionals concerning the Spistred Spider threat group referenced in the latest FBI 2FA-BYPASS attack warning.
When the Federal Bureau of Investigation issues a cybersecurity alert, you would be well advised to pay attention and act. If this implies Malicious sms messages,, Food phishing attacks, or, as I recently pointed out, the number mounted in Ransomware threats. And Ransomware is the subject of this critical and critical warning of the FBI. This time, involving the Spider Spider threat group which made the headlines after taking responsibility for several attacks in the retail sector, including that against Marks & Spencer in the United Kingdom, which would have cost the street chain at least $ 600 million. Now the group aims at the air transport industry, the FBI has warned, both directly and through the entire supply chain. Here’s what you need to know.
The FBI confirms dispersed spiders attacks targeting transport
A June 26 report Halcyon ransomware analysts have warned that there were “indications that Spottered Spider is now targeting the food, manufacturing and transport sectors (in particular aviation) in the United States.” This has now been confirmed by the FBI which provided me with an e-mail declaration which said: “The FBI recently observed that the Cybercriminal Group dispersed Spider expanding its targeting to include the airline sector.”
The declaration too Posted on XFommerly known as Twitter, continued to confirm that the ransomware group uses the same methods during this increase in attacks in new sectors, namely “social engineering techniques, often usurping the identification of employees or entrepreneurs to deceive that it helps offices to grant access”.
More specifically, Spander Spider seeks to circumvent Mutli-Factor authentication, commonly known as MFA or 2FA, using various methods to bring these assistance offices to “add unauthorized MFA devices on compromise accounts”.
The scattered spider has been on the FBI radar for several years, with a Cybersecurity joint advice In parallel with the cybersecurity and infrastructure Security Agency published in 2023 in response to what he described as “activity by threatening actors dispersed against the sectors and sub-sectors of commercial installations”.
The FBI told me that he was currently working actively with aviation and industry partners to “fight against this activity and help the victims” and urged anyone who thinks that their organization may have been targeted to contact their local FBI office. In the meantime, beware of anyone asking that 2FA devices not authorized be added to accounts and follow the security processes and procedures established to the letter, whatever the person making the request.
The FBI has warned of air attacks, but the insurance sector is also targeted by Spander Spider
Although the FBI’s latest warning has focused on current threats of attack targeting transport, and in particular aviation, the sector and its supply chain, Spander Spider has also widened to include the insurance industry in its reticulation. “Google Threat Intelligence Group is now aware of several intrusions in the United States which bear all the characteristics of the activity of scattered spiders,” said John Hultquist, chief analyst of Google Threat Intelligence Group, “we now see incidents in the insurance sector.”
Jon Abbott, CEO of Threataware, said carefully that if “the rising tide of attacks on American insurers” is a serious threat that should not be underestimated, it also represents “a warning for other industries to remain vigilant”. Although the scattered spider group has historically leaned to target an industrial sector at the same time, there is a danger that, as aviation is now under the spotlight, other organizations divert the remaining danger before them.
With a common denominator between many attacks being the exploitation of the supply chain, with such a compromise allowing a lateral movement on larger fish, it is proof that companies that may not consider themselves in the aviation, insurance or retail trade sectors are still in danger.
Richard Orange, vice-president of the abnormal AI, reiterates what the FBI said. “This group is based on social engineering rather than on technical exploits,” said Orange, “and bypassing traditional security checks by manipulating people, such as pretending to be computer staff or trusted partners.” This can often appear as an isolated incident or violation, but Spander Spider will move laterally, concluded Orange: “The rewards to deceive other departments, customers and partners”.
