The US Federal Bureau of Investigation (FBI) last week issued a warning on X that the cybercriminals responsible for the recent devastating cyber-attacks on the UK retail sector are now targeting the airline sector on both sides of the Atlantic. Hard on the heels of the FBI’s warning came the news that the Qantas airline has suffered a major cyber-attack, affecting more than six million customers and likely resulting in the “significant” theft of personal information. Qantas confirmed the data breach Wednesday morning, alerting customers to a cyber incident affecting a third-party platform used by an airline contact center.
Qantas is now investigating whether the hacking group referred to as ‘Scattered Spider’, which recently targeted UK retailer Marks and Spencer, was behind the cyber-attack.
“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” warns the FBI.
The FBI also refers to this criminal group as ‘Scattered Spider’. But ‘Scattered Spider’ is merely a name made up by cybersecurity experts to refer to a new and highly disturbing threat that has only recently been identified.
‘The Community’ now targets numerous sectors
As reported by Cyber Intelligence, a diffuse criminal group of youthful cybercriminals in the US and the UK calling themselves “The Community”, or “The Com” for short, is now targeting major corporations across numerous sectors. In addition to the recent attacks on Qantas and Marks & Spencer, the group has also successfully breached MGM, Microsoft, Nvidia, and Electronic Arts.
What distinguishes The Community from cybercriminal gangs based in geographies such as Russia, China, Iran and North Korea is that they are relatively well-educated Western teens capable of sounding highly plausible, without creating the suspicions that arise when staff hear a Russian or other foreign language accent.
According to the FBI: “These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access…They target large corporations and their third-party IT providers.”
Six members of The Community were the subject of some high-profile arrests in late 2024. But given that the group already numbers thousands of members, the chances of any single hacker being caught are so slim that sporadic prosecutions can do little to deter the majority of what is a rapidly growing subculture of a new and very dangerous generation of home-grown cybercriminals in the US and the UK.