By Steve Neavling
A cybercriminal group known as Scattered Spider is targeting North American airlines in a wave of extortion-driven attacks, the FBI warned in an alert issued Friday.
The group has recently focused on large airlines and their third-party IT vendors, using social engineering tactics to gain access to sensitive systems, NEXSTAR reports. According to the FBI, that puts not just the carriers at risk, but anyone in the airline ecosystem, including contractors and trusted partners.
“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the alert reads, in part.
Several major airlines have reported security incidents in recent weeks, though none have publicly attributed the breaches to Scattered Spider. Canada’s WestJet disclosed a “cybersecurity incident” in mid-June that disrupted internal systems and caused outages for customers trying to use the app and website. The airline said some users may have experienced restrictions or errors, but didn’t confirm whether those issues were the result of the attack or mitigation efforts.
Soon after, Hawaiian Airlines acknowledged a separate cybersecurity event involving its IT systems, according to local news station KHON. The company did not say if customer data had been affected and declined to provide additional information.
Delta Air Lines also appeared to take precautionary action last week, locking some customer accounts after detecting suspicious activity. A Delta spokesperson told Nexstar’s WHTM the move was taken “out of an abundance of caution” and involved resetting credentials for certain accounts. “We apologize for any inconvenience this might cause,” the airline said, emphasizing that SkyMiles accounts remained secure.
While the FBI alert does not link Scattered Spider to any specific incident, it warns the group is expanding its operations to specifically target airlines. The hackers often impersonate employees or contractors to trick IT help desks into granting unauthorized access, including bypassing multi-factor authentication.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) says the group relies heavily on social engineering, manipulating or deceiving people rather than exploiting technical flaws, to breach secure systems. That includes posing as IT staff to convince employees to provide credentials or add unapproved devices for MFA.
The FBI is urging companies in the aviation sector to remain vigilant, tighten verification protocols, and train employees to recognize common social engineering tactics.
