A dangerous hacking group known as Scattered Spider is now going after airlines, according to a new warning from the FBI. These attackers are using very smart and sneaky tricks to break into airline systems across the United States and Canada.
Scattered Spider, also called Muddled Libra or UNC3944, has been behind some big cyberattacks in recent years. You might remember them from the MGM Resorts and Caesars Entertainment breaches in 2023, where casino operations were disrupted and sensitive data was stolen. Now, the group has shifted its focus to the aviation industry.
In June 2025, both Hawaiian Airlines and WestJet in Canada confirmed that they had been targeted by cyberattacks. While neither company named the attacker, security experts believe it’s the work of Scattered Spider. Analysts from Google’s Mandiant and Palo Alto Networks’ Unit 42 say the group’s style and methods match what was used in these recent incidents.
According to the FBI and cybersecurity firms, Scattered Spider uses social engineering as its main tactic. That means instead of breaking in using technical tools, they trick real people into letting them in. For example, they call company help desks pretending to be employees or vendors, then ask for help resetting their multi-factor authentication (MFA) or adding new devices.
This method has proven very effective. Once they get access, the hackers can move through internal systems, steal data, and sometimes even demand ransom payments. In some cases, they have used this access to cause major service disruptions or leak sensitive files.
The FBI has issued a formal alert about this threat and is working closely with aviation companies to prevent further attacks. The agency says that early reporting is extremely important. If a company notices anything suspicious, contacting the FBI immediately can help reduce damage and stop the attack from spreading.
Experts are also giving strong advice to all companies in the airline and travel sector. Charles Carmakal, the CTO at Mandiant, said help desks should be extra cautious about requests to reset MFA or add new login devices. He said attackers often create a sense of urgency to rush staff into making mistakes.
Sam Rubin from Unit 42 also warned companies to prepare for more advanced phishing and impersonation attacks. He said it’s important for staff to be trained and for systems to require strong identity verification, especially for access to sensitive areas.
Airlines are especially vulnerable targets for a group like Scattered Spider. Their systems are complex, and they often work with third-party vendors who have access to the network. This makes it easier for hackers to find a weak spot and use it to get inside. If they succeed, it can impact flight operations, bookings, passenger data, and more.
The fact that these attackers don’t rely heavily on traditional malware or hacking tools makes them harder to detect. Since they’re using real login credentials, it often looks like a normal user accessing the system. That’s why stopping them early, before they get inside, is so important.
To protect against this kind of threat, organizations are being urged to review their internal security policies. This includes tightening up identity verification procedures, improving staff training on social engineering, and setting up alerts for unusual account activity.
The FBI has reminded all businesses in the aviation sector that they are available to help and are actively monitoring this threat. They encourage companies to report incidents, no matter how small they may seem.
As Scattered Spider continues to evolve and expand its targets, it’s clear that the group is becoming more dangerous. The aviation industry must stay alert and take proactive steps now to avoid becoming the next victim.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
