Understanding the Impact of Scattered Spider on the Airline & Transportation Industry

Scattered Spider (also known as UNC3944) is a financially motivated cybercriminal collective conducting social-engineering, MFA‑bypass and ransomware campaigns—recently targeting airlines and third‑party IT vendors. Qualys analyzed ~600,000 anonymized airline-sector assets, identified exposure to actively exploited CVEs (notably CVE-2015-2291, CVE-2021-35464, CVE-2024-37085), found thousands of internet-facing and EOL/EOS systems at risk, and provided remediation guidance and monitoring recommendations.