FBI Warns ‘Airline Ecosystem’ of the Scattered Spider Group

The FBI is warning the aviation industry that an infamous cybercriminal group, known as Scattered Spider, may be out to get it. The hackers are allegedly tricking airlines’ IT support into giving them access to sensitive data.

The group gained notoriety in 2023 after breaching MGM Resorts and Caesars Entertainment within days of each other. Their method, while seemingly effective, isn’t particularly high-tech: they rely on social engineering, posing as employees or contractors to manipulate IT support into giving them access to sensitive systems. From there, they bypass multi-factor authentication (MFA), add unauthorized devices, reset passwords, and steal data or deploy ransomware once inside.

"These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts,” the agency stated.

According to the FBI, no direct impact on flight safety has been reported so far. Still, “anyone in the airline ecosystem” could be a target, including third-party IT providers and contractors.

Cybersecurity experts have reported incidents consistent with Scattered Spider’s tactics across the transportation sector. Their recommendation is to lock down identity verification procedures, especially when help desks are asked to modify MFA setups or reset credentials.

WestJet and Hawaiian Airlines have both recently reported cybersecurity incidents affecting their internal systems, though neither confirmed whether Scattered Spider was involved.

While there’s no indication these attacks have disrupted flight operations, the concern is clear: modern airlines rely on extensive digital infrastructure, and trust-based systems are proving to be vulnerable. The hackers aren’t breaking down firewalls… they’re just calling customer service and asking politely.

FMI: www.fbi.gov