An aggressive wave of cyberattacks has struck the aviation sectors in both the United States and Canada, with cybersecurity experts and the FBI identifying the threat actor as "Scattered Spider", a sophisticated cybercriminal group known for data extortion and ransomware attacks.
While the breaches have not compromised flight safety, they have raised serious concerns across major airlines, triggering emergency responses from top cybersecurity executives amid the busy summer travel season.
The FBI confirmed that the attackers have infiltrated computer systems of several North American airlines, targeting not just airlines themselves but also their trusted IT vendors and subcontractors, exposing a wide swath of the aviation ecosystem to potential risk.
Tactics of Infiltration: Impersonation and Ransomware
According to a federal statement issued Saturday night, Scattered Spider’s hallmark tactics include impersonating employees or customers through help desks to gain access to internal networks. Once inside, they exfiltrate sensitive data for blackmail or release, often deploying ransomware to lock systems and pressure companies into paying.
Two carriers, Hawaiian Airlines and Canada's WestJet, confirmed ongoing assessments of cyber incidents, though neither explicitly named the group responsible. WestJet said the issue began two weeks ago and impacted customer-facing systems, including its mobile app. Both airlines reported that flight operations were unaffected.
Former Las Vegas airport chief information security officer Akin Patel suggested that the limited operational disruption reflects strong network segmentation and disaster preparedness.
A Broader Threat to the Travel Industry
This marks the third major U.S. business sector hit by Scattered Spider in the past two months, following prior attacks on insurance and retail industries. Experts warn the group tends to focus on one sector at a time, launching sustained campaigns over weeks.
“The attackers are financially motivated, but the fallout often extends beyond economics—especially when travel and public infrastructure are involved,” said Jevvy Troy, head of the Aviation Information Security Experts Association (AISEA). He added that geopolitical tensions may be indirectly contributing to the rise in cyberattacks.
Cybersecurity Community on Alert
U.S. cybersecurity firm Mandiant, a subsidiary of Google, is assisting with incident response and recovery efforts. Mandiant’s CTO, Charles Carmakal, confirmed the company is investigating multiple aviation and transportation-related breaches that mirror Scattered Spider’s techniques.
In internal briefings obtained by CNN, cybersecurity teams were advised to strengthen defenses at customer service centers, which are especially vulnerable due to heavy reliance on call center infrastructure—a known entry point exploited by the group.
Scattered Spider gained international notoriety in September 2023, after orchestrating multimillion-dollar breaches of MGM Resorts and Caesars Entertainment in Las Vegas. Earlier this month, they were also suspected in an attack on U.S. insurance giant Aflac, which may have compromised Social Security numbers and sensitive health data.
Ongoing Vigilance Required
As airlines and tech vendors race to plug security gaps, officials warn that more victims could emerge. “We are continuing to assist affected organizations and monitor the situation closely,” the FBI said in a statement.
With summer travel surging, the aviation industry now finds itself at the intersection of digital vulnerability and public confidence, as cyberattacks grow increasingly targeted, coordinated, and consequential.
Follow the latest news on Google News
