Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data.
Qantas is Australia's largest airline, operating domestic and international flights across six continents and employing around 24,000 people.
In a press release issued on Monday night, the airline stated that the attack has been contained, but that a "significant" volume of data is believed to have been stolen. A threat actor began the breach by targeting a Qantas call center and gaining access to a third-party customer servicing platform.
“On Monday, we discovered unusual activity on the platform of the third party used by a Qantas Airline Contact Center. We then took immediate steps and incorporated the system. We can confirm all the Qantas systems are safe,” Qantas said.
“There are 6 million customers who have service records in this platform. We are continuing to check the ratio of stolen data, although we hope it will be important. A preliminary review has confirmed that the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.”
Qantas states that no credit card or personal financial information was exposed, and that frequent flyer account passwords, PINs and login details were not affected.
After detecting the breach, Qantas says it informed the Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Australian Federal Police. It is not clear whether external cybersecurity experts are assisting in the investigation.
Scattered Spider attacks target aviation firms
The attack comes as cybersecurity firms warn that hackers known as "Scattered Spider" have begun to target the aviation and transportation industries.
Although it is not clear whether the group is behind the Qantas attack, BleepingComputer has learned that the incident shares similarities with other recent attacks by the threat actors.
Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a group of threat actors known for conducting social engineering and identity-based attacks against organizations around the world, usually using phishing, SIM swapping, MFA bombing, and phone calls to employee help desks to gain access to credentials.
In September 2023, they escalated their attacks by breaching MGM Resorts after impersonating an employee and encrypting 100 VMware ESXi hypervisors using BlackCat ransomware. They have also partnered with other ransomware operations, such as RansomHub, Qilin, and DragonForce. Other organizations targeted by Scattered Spider include Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games and Reddit.
After recently focusing on retail and insurance companies, Scattered Spider has shifted its attention to aviation, cybersecurity firms warned on Friday, with recent attacks on Hawaiian Airlines and WestJet linked to the threat actors.
BleepingComputer has learned that in the WestJet breach, the threat actors exploited a self-service password reset to gain access to an employee's account, which was then used to breach the network.
The threat actors take a sector-by-sector approach to their attacks, and it is not clear whether they are done with the aviation sector or which industry will be targeted next.
Organizations defending against this type of threat should begin by gaining full visibility across their entire infrastructure, identity systems and critical management services.
This involves securing self-service password reset platforms, help desks and third-party identity vendors, which have become common targets for these threat actors.
Both Google Threat Intelligence Group (GTIG) and Palo Alto Networks have issued guides on hardening defenses against known Scattered Spider tactics, which admins must familiarize themselves with.
Other recent cyberattacks believed to be associated with Scattered Spider include those on M&S, Co-op, Erie Insurance and Aflac.