CNN — A notorious cybercriminal gang known as Scattered Spider has breached the computer systems of multiple airlines in the US and Canada this month, according to the FBI and cybersecurity experts.While the attacks have not affected flight safety, they have alarmed cybersecurity teams at major airlines. The FBI confirmed that Scattered Spider specializes in extortion, stealing sensitive data, and sometimes deploying ransomware. The agency warned that not only airlines but also their vendors and contractors are at risk.The cyberattacks come at the height of the busy summer travel season and mark the third major US industry targeted by this group in the past two months, following successful hacks against insurance and retail companies.Hawaiian Airlines and Canada’s WestJet both acknowledged ongoing investigations into recent cyber incidents. Neither airline has named the attackers, but the FBI’s statement pointed to Scattered Spider. WestJet reported disruptions two weeks ago affecting its app and internal systems but said flights continued as normal.Experts say the limited impact on flight operations suggests strong internal network separations and effective contingency planning. Still, cybersecurity leaders across the aviation industry are on high alert. Jeffrey Troy, president of the Aviation ISAC, warned that all parts of the aviation ecosystem are seeing increased cyber threats, fueled partly by global geopolitical tensions.One of Scattered Spider’s favored tactics involves calling airline help desks while impersonating employees or customers to gain unauthorized access—a technique that has proven effective across many industries. “Call centers are critical for airlines and a likely target,” said Aakin Patel, former chief information security officer at Las Vegas’ main airport.Scattered Spider first drew widespread attention in 2023 with multimillion-dollar hacks on MGM Resorts and Caesars Entertainment. The group is known to focus on a single industry at a time, launching intense hacking campaigns over several weeks.Earlier this month, the group was linked to a cyberattack on insurance giant Aflac, and before that, it targeted major US retailers, including Ahold Delhaize USA, the parent company of Giant and Food Lion grocery chains.Cybersecurity firms such as Google-owned Mandiant are helping affected airlines respond and are urging improvements in defenses around call centers and IT infrastructure. “Their tactics and techniques remain consistent,” said Mandiant CTO Charles Carmakal, confirming that the firm is investigating multiple recent incidents in the airline and transportation sectors.The FBI says it continues working with airlines and industry partners to respond to these attacks and assist victims.
