The Scattered Spider hacking group, long known for targeting major corporations, has now set its sights on the airline and broader transportation industry. The FBI and top cybersecurity firms have issued fresh warnings as the threat actor expands its reach, putting aviation systems and their third-party vendors at serious risk.
In a statement shared Friday, the FBI confirmed it has “recently observed” attacks against the airline sector that match Scattered Spider’s distinct tactics. Industry leaders at Google’s Mandiant and Palo Alto Networks’ Unit 42 echoed the warning, revealing that they too have tracked Scattered Spider cyberattacks aimed at aviation targets.
Teen Hackers, Big Damage: How Scattered Spider Operates
Scattered Spider isn’t your typical cybercrime ring. This group is made up mostly of young, English-speaking hackers — often teenagers and young adults — who are financially motivated and incredibly persistent. Their preferred methods involve social engineering, phishing, and even threats of violence aimed at support staff and IT help desks to breach networks. Once inside, they steal sensitive data or deploy ransomware for extortion.
What makes them especially dangerous is their ability to infiltrate not just major brands, but also the third-party IT vendors and service providers connected to them. The FBI warned that any organization within the airline ecosystem — including contractors, suppliers, and tech partners — could become a target.
This comes amid active investigations into recent cyberattacks on Hawaiian Airlines and WestJet. Hawaiian Airlines disclosed on Thursday that it’s working to secure its systems after an intrusion, while Canada’s WestJet continues to deal with a June 13 cyberattack. Reports suggest that Scattered Spider may be behind the WestJet breach, although details are still unfolding.
The aviation incidents are the latest in a string of attacks from this prolific group, which has previously hit retailers, insurers, casino chains, hotel brands, and tech companies. Their aggressive approach and evolving tactics make them one of the most high-profile threats on the cyber landscape right now.
Security experts are urging companies, especially those in critical infrastructure sectors like transportation, to reinforce their defenses — especially around employee access controls, third-party integrations, and incident response planning.
