Scattered Spider hackers shift focus to aviation, transportation firms

If you work in aviation or transportation, LISTEN

  • Scattered Spider is actively targeting your industry.
  • They are using trycloudflare.com to deliver Chisel, a FOSS encrypted reverse proxy.

ACTION ITEMS:

  • Block trycloudflare.com by FQDN.
  • Make sure you are using IPS or app signatures on your firewalls to detect the Chisel traffic.

NOTE: Chisel is encrypted, so you need to be doing full SSL inspection (TLSI) to effectively detect and block the app.

Additional Resources:

Please don't let this fuck up your 4th.

#ScatteredSpider #UNC3944 #Chisel #ChiselMalware #ThreatIntel #CyberSecurity

Scattered Spider hackers shift focus to aviation, transportation firms

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors.

BleepingComputer
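
To go with the FQDN block in the action items above, here is an added example (not part of the original post) that sweeps DNS query logs for clients that have already looked up trycloudflare.com or any hostname under it, matching label by label so look-alike names are not flagged. The log layout, the sample lines and the function names `in_zone` and `find_hits` are assumptions constructed for this example.

```python
"""Find internal clients that resolved trycloudflare.com hostnames (added example)."""
from collections import defaultdict

BLOCKED_ZONE = "trycloudflare.com"  # domain named in the post

# Constructed sample DNS query log; the "time client qname qtype" layout is an
# assumption for this example, not the format of any particular resolver.
SAMPLE_LOG = """\
2025-07-01T10:02:11Z 10.0.4.17 example-quick-tunnel.trycloudflare.com. A
2025-07-01T10:02:12Z 10.0.4.17 EXAMPLE-QUICK-TUNNEL.TryCloudflare.com A
2025-07-01T10:03:40Z 10.0.9.80 www.example.org. A
2025-07-01T10:04:02Z 10.0.9.80 nottrycloudflare.com. A
2025-07-01T10:04:09Z 10.0.7.3 trycloudflare.com.example.net. AAAA
2025-07-01T10:05:55Z 10.0.2.44 trycloudflare.com. A
malformed line
"""


def in_zone(qname: str, zone: str = BLOCKED_ZONE) -> bool:
    """True for the zone itself or any subdomain, compared label by label."""
    labels = qname.rstrip(".").lower().split(".")
    zone_labels = zone.lower().split(".")
    # Comparing whole labels avoids substring false positives such as
    # "nottrycloudflare.com" or "trycloudflare.com.example.net".
    return len(labels) >= len(zone_labels) and labels[-len(zone_labels):] == zone_labels


def find_hits(log_text: str) -> dict[str, set[str]]:
    """Map client IP -> set of normalized names queried inside the zone."""
    hits: dict[str, set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed layout
        _time, client, qname, _qtype = fields
        if in_zone(qname):
            # Normalize case and the trailing root dot so duplicates collapse.
            hits[client].add(qname.rstrip(".").lower())
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_hits(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(sorted(names))}")
```

Any client this reports is a host to triage, since a lookup made before the block went in means the tunnel endpoint may already have been reached.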