Cybercrime Hits WestJet and Hawaiian Airlines Amid FBI Warning

At least two North American airlines—WestJet and Hawaiian Airlines—have confirmed they were targeted by cyberattacks in June, prompting concerns of a broader threat to the aviation industry. The FBI and top cybersecurity firms have issued warnings about a group of cybercriminals known as Scattered Spider, believed to be behind the latest wave of attacks.

WestJet and Hawaiian Airlines both issued statements confirming they were responding to cybersecurity incidents, although specific details have not been disclosed. American Airlines also reported a technical disruption on Friday, but the company has not confirmed whether the issue was connected to any cyberattack. A spokesperson for American Airlines said the airline was working with partners to resolve a connectivity problem and, despite delays, had not canceled any flights.

The FBI issued a public alert on X, formerly Twitter, stating that Scattered Spider was actively targeting the aviation industry. The agency is working with both aviation companies and cybersecurity experts to contain the threat and assist impacted organizations. Scattered Spider is notorious for using social engineering tactics to gain internal access to corporate systems. These individuals, often young and English-speaking, are skilled at impersonating employees and convincing staff to share credentials or access systems.

Once access is secured, Scattered Spider frequently passes it to external ransomware operators who deploy malware that locks down systems until companies pay a ransom. This tactic has led to major disruptions across industries. The group was previously tied to high-profile attacks on Las Vegas casinos and British retail chains, and it’s also believed to be linked to the cyberattack that crippled a key Whole Foods supplier earlier this year.

Cybersecurity firms, including Google and Palo Alto Networks, have identified an uptick in activity linked to Scattered Spider, specifically targeting companies in the aviation and travel sectors. The group’s recent shift in focus appears to be part of a broader trend where critical infrastructure and high-value logistics industries are increasingly in the crosshairs of ransomware gangs.

While many cybersecurity providers decline to name victims due to nondisclosure agreements, analysts are warning companies in the aviation ecosystem to take immediate steps to assess and strengthen their defenses. The aviation industry, which relies heavily on complex digital systems for everything from ticketing to aircraft maintenance, is particularly vulnerable to disruptions caused by ransomware.

Experts caution that while no airline has yet confirmed paying a ransom, the threat of significant operational disruption could pressure victims to comply with attackers’ demands. The recent attacks underscore the urgency of modernizing cybersecurity protocols across the travel industry and highlight the growing need for vigilance against socially engineered threats that target human error as much as technical vulnerabilities.

Sources: AirGuide Business airguide.info, bing.com, cnbc.com