A cybercriminal collective known as Scattered Spider has intensified its attacks against major airline networks, prompting federal authorities to issue urgent warnings about escalating threats to the transportation sector. The group, composed primarily of English-speaking teenagers and young adults based in the United States and United Kingdom, has shifted its focus toward airlines and the broader transportation ecosystem, according to recent FBI alerts.
The hackers employ sophisticated social engineering techniques to manipulate airline staff, often impersonating legitimate employees to request password resets or multi-factor authentication token changes. These deceptive tactics target help desks and call centers through phone and email contacts, exploiting staff access privileges to gain system entry. Recent studies show data breach costs now average $4.35 million for affected organizations.
Once insider access is obtained, the group deploys ransomware and data theft tools, pursuing financial gain through extortion schemes.
Recent incidents demonstrate the group’s growing impact on airline operations. Hawaiian Airlines experienced a cyberattack that compromised IT systems during maintaining flight safety and passenger operations. WestJet, Canada’s second-largest airline, faced an ongoing cyberattack in June 2025, resulting in system and mobile application outages. Security experts have linked these incidents to Scattered Spider’s established methods and targeting patterns.
The airline industry’s extensive reliance on interconnected technologies creates particularly vulnerable attack surfaces. The FBI highlights that “anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” raising concerns about supply chain vulnerabilities.
Third-party IT providers and contractors represent additional entry points that expand potential attack vectors beyond direct airline networks.
Industry vulnerabilities extend to critical onboard systems, including traffic avoidance and flight management technologies, raising concerns about potential future targeting. The complexity and scale of airline IT infrastructure complicate rapid incident containment and response efforts, as the interconnected nature of airline operations amplifies potential disruption impacts. Similar tactics have also compromised Aflac, resulting in data breaches that exposed Social Security numbers and personal information. Cybersecurity firms including Mandiant and Palo Alto Networks have joined the ongoing monitoring efforts to track the group’s evolving tactics.
The attacks have resulted in service disruptions, system outages, and temporary unavailability of mobile applications for affected carriers. Data breaches have exposed sensitive customer and company information, though the true scope of incidents may be broader than publicly disclosed.
Federal authorities continue monitoring the evolving threat terrain as Scattered Spider expands its transportation sector targeting.
