The FBI and leading cybersecurity companies are alerting the public that a notorious hacking group known as Scattered Spider has begun actively targeting airlines and the broader transportation industry.
In an official statement issued recently, the FBI indicated it had observed cyberattacks bearing the hallmarks of Scattered Spider operations within the aviation sector. Industry sources from Google’s cybersecurity arm, Mandiant, as well as Palo Alto Networks’ research team, Unit 42, corroborated the FBI’s assessment, confirming their own detections of similar attacks aimed at airline companies.
Scattered Spider consists predominantly of English-speaking cybercriminals—typically teenagers and young adults—driven primarily by financial gain. The group’s tactics commonly incorporate sophisticated social engineering strategies, phishing campaigns, and occasional threats of violence against corporate call centers and help desk staff to breach organizational networks. Once inside, the hackers often resort to ransomware and extortion, leveraging sensitive data stolen from compromised systems.
The FBI specifically noted that large corporations and their external IT providers could both be attractive targets, suggesting that virtually anyone within the airline industry’s extended supply chain—from trusted vendors to contractors—may be vulnerable.
Recent events underscore these concerns: Hawaiian Airlines confirmed late Thursday it was actively responding to a cyber intrusion and taking steps to protect its infrastructure. Similarly, WestJet—Canada’s second-largest airline—was hit by a cyberattack beginning June 13, which remains unresolved as of now. Multiple reports have attributed the WestJet incident directly to Scattered Spider.
This heightened wave of targeted attacks on transportation follows the group’s recent intrusions into other key sectors, including significant breaches within the British retail industry and a notable incident involving major U.S. insurance provider Aflac. Previously, the same cybercriminal organization had successfully broken into numerous high-profile networks, such as major hotel operators, casinos, and influential technology enterprises.
