U.S. Airlines Targeted by Aggressive Cybercriminal Network

Written by: Sachin Mane

A well-known cybercriminal network has turned its focus to the aviation sector, breaching the computer systems of multiple airlines across the United States and Canada this month. According to the FBI and cybersecurity professionals involved in the response, the group responsible is “Scattered Spider,” a collective of young, highly skilled hackers notorious for data theft, extortion, and public embarrassment of their victims.

While no flight safety systems have been compromised, the attacks have raised concerns among top cybersecurity executives at major U.S. airlines. This marks the third major industry in just two months—following insurance and retail—to be targeted by Scattered Spider.

The group typically infiltrates large corporations and their IT vendors, making the entire aviation supply chain vulnerable. In a public statement, the FBI confirmed Scattered Spider’s involvement and warned that the hackers “steal sensitive data for extortion and often deploy ransomware” once inside a network. The agency also stated it is working closely with aviation stakeholders to mitigate the threat and support affected companies.

Hawaiian Airlines and Canada’s WestJet both confirmed they are still investigating recent cyber incidents but did not identify the attackers by name. Industry insiders say other victims within the aviation ecosystem may still come forward.

WestJet first reported a “cybersecurity incident” two weeks ago that impacted access to some of its systems, including its customer app. Hawaiian Airlines also acknowledged a cyberattack but noted that day-to-day operations remained unaffected.

This lack of disruption, experts suggest, reflects strong internal safeguards and effective continuity planning. Aakin Patel, former chief information security officer at the main airport in Las Vegas, pointed to network segmentation and resilient systems as likely reasons the airlines avoided major fallout.

Jeffrey Troy, president of the Aviation Information Sharing and Analysis Center (ISAC), said the wave of attacks isn’t limited to airlines themselves but extends to other parts of the aviation ecosystem. Financially motivated hackers and the fallout from global political tensions are driving these threats, he noted.

The importance of robust IT systems in the airline industry was further highlighted when a separate, unrelated outage on Friday caused delays for some American Airlines passengers—underscoring how fragile operations can be even without a cyberattack.

The latest breaches have prompted airlines to step up their monitoring and engage external cybersecurity firms. Sources say internal IT teams are working alongside companies like Google-owned Mandiant to contain the breaches and reinforce weak points—particularly customer service call centers, a frequent entry point for Scattered Spider.

The group often uses social engineering to gain access, posing as employees or customers when calling help desks. Because airlines heavily depend on call centers for customer support, these become easy targets for impersonation and intrusion.

Scattered Spider first came into the spotlight in late 2023 after high-profile breaches at MGM Resorts and Caesars Entertainment in Las Vegas. The group is known to focus on one industry at a time for several weeks. In recent months, they’ve been linked to attacks on insurance giant Aflac, where sensitive personal data may have been stolen, and on retail chains connected to Ahold Delhaize USA, the parent company of Giant and Food Lion.

According to Charles Carmakal, Chief Technology Officer at Mandiant, the group’s methods have stayed largely consistent. He confirmed multiple incidents in the airline and broader transportation sectors that closely match the tactics of Scattered Spider.
