Scattered Spider hackers shift focus to aviation, transportation firms
If you work in aviation or transportation, LISTEN
- Scattered Spider is actively targeting your industry.
- They are using trycloudflare.com to deliver Chisel, a FOSS encrypted reverse proxy.
ACTION ITEMS:
- Block trycloudflare.com by FQDN.
- Make sure you are using IPS or app signatures on your firewalls to detect the Chisel traffic.
NOTE: Chisel is encrypted, so you need to be doing full SSL inspection (TLSI) to effectively detect and block the app.
Additional Resources:
Please don't let this fuck up your 4th.
#ScatteredSpider #UNC3944 #Chisel #ChiselMalware #ThreatIntel #CyberSecurity
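A check to pair with the FQDN block above, as an added example that is not part of the original post: it scans DNS query logs for trycloudflare.com and any subdomain of it, so you can see which internal clients already resolved it. The log format, client addresses and hostnames are constructed for illustration.

```python
import re
from collections import defaultdict

BLOCKED_SUFFIX = "trycloudflare.com"  # the domain named in the post

# Constructed sample lines; the "client=... query=..." layout is an assumed log format.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z client=10.0.4.17 query=alpha-beta-gamma.trycloudflare.com. type=A
2025-01-01T10:00:02Z client=10.0.4.17 query=Alpha-Beta-Gamma.TryCloudflare.com type=AAAA
2025-01-01T10:00:05Z client=10.0.9.30 query=trycloudflare.com type=A
2025-01-01T10:00:06Z client=10.0.9.31 query=nottrycloudflare.com type=A
2025-01-01T10:00:07Z client=10.0.9.32 query=trycloudflare.com.example.net type=A
2025-01-01T10:00:08Z client=10.0.9.33 query=www.cloudflare.com type=A
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def normalize(name: str) -> str:
    """Lower-case the name and drop the trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def is_blocked(name: str, suffix: str = BLOCKED_SUFFIX) -> bool:
    """True for the domain itself or any subdomain, matched on a label boundary.

    A plain substring or endswith(suffix) test would also flag lookalikes such as
    nottrycloudflare.com or trycloudflare.com.example.net.
    """
    n = normalize(name)
    return n == suffix or n.endswith("." + suffix)


def scan(log_text: str) -> dict:
    """Return {client: [matched names]} for every query under the blocked domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and is_blocked(m.group("query")):
            hits[m.group("client")].append(normalize(m.group("query")))
    return dict(hits)


if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} lookup(s) -> {sorted(set(names))}")
```

Clients that show up here resolved the domain before the block landed and are the first hosts to review.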