Scattered Spider Attacks Again
By Skeeter Wesinger
July 2, 2025

In yet another brazen display of cyber subterfuge, Scattered Spider, the slick, shape-shifting cyber gang with a knack for con artistry, has struck again—this time sinking its fangs into Qantas Airways, compromising data on as many as six million unsuspecting customers. It wasn’t some arcane bit of code that cracked the system. It was human weakness, exploited like a well-worn key.
The breach targeted a third-party customer service platform, proving once again that it’s not always your network that gets hacked—it’s your vendor’s.
A Familiar Pattern, a New Victim
Qantas now joins the growing list of high-profile victims stalked by Scattered Spider, a crew whose previous hits include MGM Resorts, Caesars, Hawaiian Airlines, and WestJet. Their calling card? Social engineering at scale—not brute force, but charm, guile, and just enough personal data to sound like they belong.
They impersonate. They coax. They wear your company’s name like a mask—and by the time IT realizes what’s happened, they’re already inside.
This time, they walked away with customer names, emails, phone numbers, birthdates, and frequent flyer numbers. No passwords or payment data were accessed—Qantas was quick to say—but that’s cold comfort in an age when a birthday and an email address are all it takes to hijack your digital life.
“Trust, but Verify” Is Dead. Well, Sort Of.
Qantas CEO Vanessa Hudson issued the standard apology—support lines are open, regulators are notified, the sky is still safe. But the real damage isn’t operational. It’s existential. Trust doesn’t come back easy, especially when it’s breached by a whisper, not a weapon.
“We used to worry about firewalls and phishing links,” one insider told me. “Now it’s your own help desk that opens the front door.”
Scattered Spider doesn’t hack computers. They hack people—call center agents, IT support staff, even security teams—using their own policies and training scripts against them. Their English is fluent. Their confidence is absolute. Their patience is weaponized.
The Breach Beneath the Breach
What’s truly alarming isn’t just that Scattered Spider got in. It’s how.
They exploited a third-party vendor, the soft underbelly of every corporate tech stack. While Qantas brags about airline safety and digital transformation, it was a remote call-center platform—likely underpaid, overworked, and under-secured—that cracked first.
We’ve heard this story before. Optus. Medibank. Latitude. The names change. The failures rhyme.
And the hackers? They have evolved.
The Next Call May Already Be Happening
Scattered Spider is a ghost in the wires—a gang of young, highly skilled social engineers, some rumored to be based in the U.S., operating like a twisted start-up. Their tools aren’t viruses—they’re LinkedIn, ZoomInfo, and your own onboarding documents.
What you can do is rethink your threat model. Because the enemy isn’t always a shadowy figure in a hoodie. Sometimes it’s a cheerful voice saying, “Hi, I’m calling from IT—can you verify your employee ID?”
By then, it’s already too late. Need to hire an expert? Call me.