According to the FBI’s advisory released late last week, Scattered Spider is known for using advanced social engineering tactics, often posing as employees or contractors. Their goal is to manipulate IT help desk teams into granting unauthorized access—frequently by requesting the addition of rogue multi-factor authentication (MFA) devices to compromised accounts.
The group’s typical targets include large enterprises and their third-party service providers. “That puts the entire aviation supply chain at risk,” the FBI noted. Once they gain entry, the hackers typically exfiltrate sensitive information for extortion purposes and sometimes deploy ransomware as part of their attacks. The agency confirmed that it is working closely with industry partners to contain the threat and support affected organizations.
Hawaiian Airlines reported late last week that it had detected suspicious activity in some of its IT systems. While full flight operations were not disrupted, the airline stated it was taking protective steps. “We’ve engaged with authorities and cybersecurity experts to investigate and remediate the incident,” the company said in a statement, adding that it’s focused on restoring systems and will share further updates as the situation evolves.
Earlier in June, WestJet disclosed that it had experienced a cybersecurity event, which led to restricted access for certain users. The airline has brought in third-party experts and digital forensic analysts to investigate the breach.
Although the culprits haven’t been officially named, recent analysis from security firm Halcyon indicates that Scattered Spider has broadened its scope, now targeting not only aviation but also sectors like food production and manufacturing.
“These attacks are fast-moving and devastating,” Halcyon warned. “They can cripple an entire organization in just a few hours, with impacts on everything from operations to consumer trust.”
Other experts echoed these concerns. Palo Alto Networks’ Unit 42 recently advised aviation companies to be extra cautious, particularly regarding suspicious MFA reset requests and socially engineered phishing attempts.
Darren Williams, founder and CEO of cybersecurity company BlackFog, emphasized the high value of the airline sector for cybercriminals. “Airlines manage immense volumes of sensitive customer data, making them an extremely attractive target,” he said. “With international travel surging, attackers are exploiting this pressure point.”
Williams added that the disruptions caused by such attacks can ripple across the globe, affecting travelers, business continuity, and public confidence. “These incidents show that airlines need to invest more heavily in cybersecurity infrastructure that can protect passenger data and maintain operational integrity.”
