A well-known hacking group called Scattered Spider is now going after airlines and companies in the transportation world, according to a new warning from the FBI and major cybersecurity firms.
This group isn’t new to the hacking scene — but their targets are shifting in a dangerous way.
Who’s Behind the Attacks?
Scattered Spider is a group made up mostly of young, English-speaking hackers. Some are believed to be teenagers or just in their early 20s. They’re not hacking for fun — they’re in it for money.
What makes them dangerous isn’t just their tech skills — it’s how they trick people.
They’re known for using social engineering, which means they pretend to be someone else to fool employees. Sometimes they send fake emails, other times they call company help desks and lie their way into systems.
In some cases, they’ve even used threats to get what they want.
Airlines in the Crosshairs
In a short statement released Friday, the FBI confirmed it has recently seen cyberattacks on airlines that match Scattered Spider’s known tactics.
Google’s security team at Mandiant and experts from Palo Alto Networks’ Unit 42 say they’ve seen the same signs: the group is clearly turning its attention to the airline industry.
This is serious because airlines rely on complex IT systems for nearly everything — booking tickets, planning flights, tracking luggage, and managing schedules.
If those systems are hacked, thousands of travelers could be affected in a matter of minutes.
Two Airlines Have Already Been Hit
The warning comes right after two real-world incidents:
- Hawaiian Airlines confirmed it was dealing with a cyberattack and working to secure its systems.
- WestJet, Canada’s second-largest airline, was attacked on June 13. That situation is still unfolding, and media reports say Scattered Spider might be behind it.
These aren’t isolated cases — they seem to be part of a growing pattern.
Why the Airline Industry Is at Risk
Airlines use a wide range of systems and work with many third-party vendors, from payment processors to baggage handlers.
That opens up more ways for hackers to sneak in.
The FBI warned that not just airlines, but anyone connected to them — like contractors and vendors — could be at risk. If you touch the airline ecosystem in any way, you’re a potential target.
That could include:
- IT support providers
- Call centers
- Reservation software vendors
- Maintenance partners
Scattered Spider’s Track Record
This isn’t the first time Scattered Spider has made headlines. In recent months, they’ve gone after:
- Major hotel chains
- Casino companies
- Insurance firms
- Retail businesses in the U.K.
- Big names in the tech industry
Each time, they found new ways to break in — often without even needing to “hack” in the traditional sense. Many of their attacks start with a simple phone call or email.
They’re good at fooling people, and that’s what makes them so effective.
How They Break In
Here’s a quick look at how Scattered Spider usually gets into systems:
- Phishing emails that look like messages from bosses or coworkers
- Fake support calls pretending to be employees or vendors
- Exploiting third-party vendors with weak security
- Deploying ransomware after gaining access
It’s not always about fancy coding. Sometimes, it’s just about making the right person believe the wrong thing.
What Companies Can Do Right Now
If you’re in the airline business — or work with anyone who is — it’s time to review your cybersecurity.
Here are a few simple steps companies should take:
- Train staff to spot fake emails and suspicious calls
- Double-check help desk requests, especially ones that seem urgent
- Use multi-factor authentication (MFA) wherever possible
- Limit vendor access to only what’s necessary
- Keep software updated to close security gaps
Cybersecurity isn’t just an IT issue anymore — it’s a business survival issue.
Final Thoughts: Transportation Needs to Stay Ahead
Scattered Spider’s shift to attacking airlines is a big red flag. These hackers are bold, organized, and smart. And if they can take down a major airline, they can cause real chaos.
Now more than ever, the transportation industry needs to treat cybersecurity as a top priority. The risk isn’t just lost data — it’s grounded flights, disrupted travel plans, and shaken customer trust.