[aviation news]
The FBI has issued an urgent alert to the U.S. airline industry, warning of a sophisticated cybercriminal group called Scattered Spider.
This loosely organized gang, known for its cunning social engineering tactics, has set its sights on airlines, their vendors, and third-party IT providers.
With the aviation sector critical to national security and facing peak travel seasons like the July 4th holiday, these cyberattacks pose serious risks.
Who Is Scattered Spider?
Scattered Spider, also tracked as UNC3944, is a group of mostly young, English-speaking hackers based in the U.S. and U.K. They gained notoriety in 2023 for breaching major companies like MGM Resorts and Caesars Entertainment.
Recently, they’ve targeted retail giants like Marks & Spencer and Harrods, as well as insurance firms like Aflac. Now, the FBI confirms that airlines are in their crosshairs.
The group collaborates with ransomware outfits like ALPHV and RansomHub, using stolen data for extortion or deploying ransomware to lock critical systems.
Their hallmark is social engineering. Hackers impersonate employees or contractors, tricking IT help desks into granting access to sensitive systems.
By exploiting trust, they bypass multi-factor authentication (MFA) and register unauthorized devices. Once inside, they steal data, monitor internal platforms like Slack, and evade detection using remote access tools.
Their attacks are meticulously planned, often guided by a “curator” who provides real-time instructions.
Recent Airline Attacks
At least two airlines have been hit recently. On June 13, 2025, Canada’s WestJet reported a cybersecurity incident, followed by Hawaiian Airlines on June 26, 2025. While neither airline named Scattered Spider publicly, the FBI’s warning aligns with these events.
While those breaches didn’t result in flight disruptions, they’ve raised alarms about data security. Customer information, operational systems, and vendor networks are at risk, especially as airlines rely heavily on digital infrastructure.
The FBI notes that Scattered Spider doesn’t just target airlines directly. They also exploit vulnerabilities in third-party providers, such as IT vendors and customer service call centers.
This broad attack surface makes the entire airline ecosystem vulnerable, from booking platforms to maintenance systems.
Why Airlines Are Targets
Airlines are high-value targets due to their vast stores of sensitive data, including passenger details and financial records. A breach could lead to identity theft, financial losses, or operational disruptions, such as issues with passenger check-ins or flight scheduling.
The aviation sector’s role in national security amplifies the stakes. As cybersecurity firms like Google’s Mandiant and Palo Alto Networks’ Unit 42 warn, Scattered Spider’s shift to airlines follows their pattern of targeting industries sequentially, exploiting peak operational periods.
FBI’s Advice to Airlines
The FBI urges airlines to act swiftly to counter this threat. Key recommendations include:
- Strengthen Help Desk Protocols: Train staff to verify identities rigorously and avoid bypassing MFA.
- Secure Third-Party Vendors: Ensure partners follow robust cybersecurity practices.
- Avoid Paying Ransoms: Paying hackers doesn’t guarantee data recovery and may fuel further attacks.
- Report Breaches Immediately: Contact local FBI field offices to enable rapid response and intelligence sharing.
What This Means for Passengers
For travelers, these attacks haven’t yet impacted flight safety, but they underscore the importance of protecting personal data.
Passengers should monitor their accounts for suspicious activity and use strong, unique passwords. Airlines, meanwhile, must prioritize cybersecurity to maintain trust and avoid disruptions during busy travel seasons.
Looking Ahead
Scattered Spider’s evolving tactics and focus on airlines signal a growing threat. As the group continues to target critical industries, airlines must bolster their defenses and collaborate with cybersecurity experts.
The FBI’s warning is a call to action for the aviation sector to stay vigilant and protect the systems that keep America flying.
Share this content:
