The notorious cybercrime group Scattered Spider has shifted its focus to the airline industry, prompting a warning from the FBI after confirmed cybersecurity breaches at Hawaiian Airlines and Canada’s WestJet.
According to a recent FBI advisory, the group exploits social engineering tactics, often impersonating internal staff or contractors, to manipulate IT help desks into granting unauthorized access. These techniques have enabled the attackers to circumvent multi-factor authentication (MFA) by registering their own MFA devices on compromised accounts.
The FBI emphasized that large corporations and third-party IT vendors within the aviation ecosystem are at heightened risk. Once inside, the hackers are known to steal sensitive information for extortion and often launch ransomware attacks.
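The sequence the advisory describes, a help-desk-assisted reset followed by enrollment of a new MFA device, can be hunted for in identity logs. The following is an added detection sketch, not code from the FBI advisory or any vendor; the event schema, field names, the 24-hour window and all sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed review window; tune per environment

# Constructed sample events in a hypothetical schema (not any real IdP export).
SAMPLE_EVENTS = [
    {"ts": "2025-06-01T09:00:00", "type": "mfa_enroll", "user": "alice", "device": "dev-A1"},
    {"ts": "2025-06-01T09:30:00", "type": "mfa_enroll", "user": "bob", "device": "dev-B1"},
    {"ts": "2025-06-20T10:00:00", "type": "helpdesk_reset", "user": "dave", "agent": "hd-02"},
    {"ts": "2025-06-27T11:00:00", "type": "mfa_enroll", "user": "dave", "device": "dev-D4"},
    {"ts": "2025-06-27T14:02:00", "type": "helpdesk_reset", "user": "alice", "agent": "hd-17"},
    {"ts": "2025-06-27T14:09:00", "type": "mfa_enroll", "user": "alice", "device": "dev-Z9"},
    {"ts": "2025-06-27T15:00:00", "type": "helpdesk_reset", "user": "bob", "agent": "hd-04"},
    {"ts": "2025-06-27T15:20:00", "type": "mfa_enroll", "user": "bob", "device": "dev-B1"},
    {"ts": "2025-06-29T16:00:00", "type": "mfa_enroll", "user": "carol", "device": "dev-C2"},
]

def find_suspicious_enrollments(events, window=WINDOW):
    """Flag enrollment of a not-previously-seen MFA device that follows
    a help desk reset for the same account within `window`."""
    known = {}       # user -> device ids already enrolled
    last_reset = {}  # user -> (time, agent) of the most recent help desk reset
    alerts = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "helpdesk_reset":
            last_reset[user] = (ts, ev["agent"])
        elif ev["type"] == "mfa_enroll":
            devices = known.setdefault(user, set())
            reset = last_reset.get(user)
            if ev["device"] not in devices and reset and ts - reset[0] <= window:
                alerts.append({
                    "user": user,
                    "device": ev["device"],
                    "agent": reset[1],  # who performed the reset, for follow-up
                    "minutes_after_reset": int((ts - reset[0]).total_seconds() // 60),
                })
            devices.add(ev["device"])
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_enrollments(SAMPLE_EVENTS):
        print(alert)
```

Only the alice sequence is flagged: bob re-enrolls a device already on record, carol enrolls without a help desk reset, and dave's enrollment falls outside the window. A first-ever enrollment shortly after a reset is also flagged, so new-hire onboarding may need an allowlist.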
Following the breach, Hawaiian Airlines acknowledged a cyber incident affecting parts of its IT infrastructure. Despite the attack, operations continued without disruption. The airline confirmed that it had engaged law enforcement and cybersecurity experts and is working toward a complete system restoration.
Similarly, WestJet recently reported a cybersecurity issue that restricted access for several users. The airline is actively investigating the breach with support from digital forensics and cybersecurity specialists.
While the perpetrators behind these attacks haven’t been officially confirmed, cybersecurity firm Halcyon attributed recent aviation, food, and manufacturing sector incidents to Scattered Spider, noting the group’s aggressive and fast-paced approach.
The aviation sector has faced increasing warnings about such threats. Experts from Palo Alto’s Unit 42 and BlackFog have both flagged the industry as a high-risk target due to its global operational impact and the vast amount of sensitive passenger data it handles.
“With international travel peaking, cybercriminals are taking advantage of the industry’s pressure to maintain smooth operations,” said Darren Williams, CEO of BlackFog. “Airlines must act swiftly to reinforce their cybersecurity defenses and protect both their data and customer trust.”
News Source: ITPro.com