Hackers Target Airlines Using Deceptive Tactics

Nearly a year after a global IT outage linked to CrowdStrike grounded flights worldwide, airlines are once again under threat—this time from a cybercriminal group known as Scattered Spider. The United States Federal Bureau of Investigation has issued a public warning about the group’s focus on the airline sector, citing their use of advanced social engineering techniques to breach systems.
According to the FBI, Scattered Spider impersonates employees and contractors to trick IT help desks into granting access to internal systems. These attacks often bypass multi-factor authentication by convincing support staff to register unauthorized devices on compromised accounts. The hackers use deception, phishing, and sometimes even violent threats against support teams to gain the upper hand.
Scattered Spider is believed to consist largely of English-speaking teenagers and young adults. While the FBI has not named any specific airline victims, recent cybersecurity incidents involving WestJet and Hawaiian Airlines suggest the threat is active and ongoing. Reports indicate that WestJet’s mid-June breach may be linked to Scattered Spider, although the airline has not publicly confirmed the group’s involvement.
The threat extends beyond airlines. The FBI warns that Scattered Spider also targets third-party IT providers and other large corporations connected to the aviation industry. This includes contractors, vendors, and any party with access to airline systems. Once inside, the attackers steal sensitive data and deploy ransomware to demand extortion payments.
The FBI emphasized the importance of early reporting to help limit the spread of attacks and coordinate industry-wide responses. By alerting authorities promptly, victims can contribute to shared intelligence efforts and potentially prevent further damage. The agency urged affected organizations to contact their local FBI office for support.
Scattered Spider has previously struck the travel and hospitality sector. In 2023, the group was responsible for a high-profile attack on MGM Resorts International, and Caesars Entertainment also reported a breach around the same time. These incidents suggest the group’s operations are not isolated but part of a broader campaign targeting industries with large-scale data access and customer interfaces.
Some security experts have criticized how responsibility is often placed on victims and frontline employees. Paul Walsh, CEO of decentralized security firm MetaCert, described the tactics as typical phishing attacks. He noted that while phishing accounts for the majority of cyberattacks, the continued effectiveness of these methods highlights a failure in the cybersecurity industry rather than a lack of diligence from companies.
Walsh stressed that the root issue lies in outdated security models that do not effectively prevent socially engineered attacks. He believes vendors and partners need to improve their technologies to stay ahead of attackers rather than placing the burden entirely on end users.
Travel technology provider Sabre acknowledged the heightened cybersecurity threat environment and said it maintains a proactive threat management program. In a statement, the company confirmed it follows best practices recommended by Google Cloud Mandiant and CISA and is increasing vigilance in response to the evolving threat landscape.