Cybercrime Surge: Scattered Spider Targets U.S. and Canadian Airlines in Sophisticated Attacks

Scattered Spider Cyberattacks Put U.S. Airlines on High Alert

A rising threat in the cybercrime world, Scattered Spider is a loosely organized yet highly capable group of young hackers known for targeting large corporations in the U.S. Their attacks often involve aggressive social engineering tactics and ransomware deployment. After successfully infiltrating major insurance and retail companies in recent months, they have now turned their sights to the aviation industry.

According to the FBI, Scattered Spider recently breached the computer networks of multiple airlines in the U.S. and Canada, though no flight safety systems were compromised. This shift marks a troubling escalation in the group’s activity, placing a critical infrastructure sector on high alert during the peak of the summer travel season.

The FBI confirmed Friday that the hackers are exploiting IT contractors and third-party vendors, widening the scope of potential entry points. Once inside, they steal sensitive data for extortion and may deploy ransomware. Federal agencies are actively collaborating with aviation companies to contain the threat and assist victims.

Hawaiian Airlines and Canada’s WestJet both acknowledged cybersecurity incidents this month. While neither airline confirmed the identity of the hackers, sources familiar with the investigation attribute the attacks to Scattered Spider. Fortunately, flight operations were not affected, thanks to strong internal cybersecurity protocols and network separation.

However, cybersecurity experts warn that this is only the beginning. The Aviation ISAC (Information Sharing and Analysis Center) stated that not just airlines, but the broader aviation ecosystem—including logistics and maintenance vendors—is now being targeted.

Scattered Spider is infamous for impersonating employees during calls to tech support or help desks to bypass security protocols—a method especially effective in airline customer service centers, which are essential for operations.

Mandiant, a cybersecurity firm owned by Google, is actively assisting several airlines with containment and response efforts. “Airlines rely heavily on call centers for a lot of their support needs,” said Aakin Patel, former CISO of Las Vegas’ airport. “That makes them a prime target for social engineering-based breaches.”

Scattered Spider first gained widespread notoriety in 2023 after compromising major casino chains like MGM Resorts and Caesars Entertainment. Their tactics have remained consistent: target one sector at a time and apply relentless pressure. This month alone, they’ve also been tied to breaches of Aflac and supermarket conglomerate Ahold Delhaize USA.

As investigations continue, experts warn that the aviation industry must bolster its cyber defenses, especially around help desk authentication and contractor access management. With millions of travelers relying on airlines during the busy season, the stakes for protecting customer data and maintaining operational continuity have never been higher.