What We Know About 'Scattered Spider', The Group Behind Airline Cyberattacks

Last Updated:July 03, 2025, 19:34 IST

The victims so far include WestJet (Canada), Hawaiian Airlines (USA), and Qantas (Australia)

In a public alert issued on 28 June, the FBI confirmed that it had observed Scattered Spider shifting its focus to the airline sector.

A wave of cyberattacks has hit major airlines across three continents in recent weeks, with growing evidence pointing to the notorious hacking group ‘Scattered Spider’. The victims so far include WestJet (Canada), Hawaiian Airlines (USA), and Qantas (Australia).

WestJet reported a cyber incident on 13 June, affecting internal systems and digital services such as its website and app. While flights continued operating, the airline warned of possible disruptions as it worked to resolve the issue

Hawaiian Airlines confirmed a “cybersecurity event" on 26 June that impacted certain IT systems. The airline assured the public that flight operations and passenger safety were unaffected, but that investigations were ongoing with the help of federal authorities.

Qantas disclosed a cyber breach on 30 June that compromised data from a third-party platform, impacting six million customers. Although no financial or passport data was exposed, the incident has raised concerns about data security in aviation supply chains, The Economic Times reported.

What Did The FBI Say?

In a public alert issued on 28 June, the FBI confirmed that it had observed Scattered Spider shifting its focus to the airline sector. The group, the FBI said, uses social engineering tactics, often impersonating employees or contractors, to trick IT help desks into giving them access to corporate systems.

These attackers are skilled at bypassing multi-factor authentication (MFA), sometimes by persuading help desks to add unauthorised MFA devices to compromised accounts.

“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk," the FBI wrote.

“Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims," it added.

Who Are Scattered Spider?

Scattered Spider is not a traditional cybercrime gang. Experts believe it is a loosely organised group of mostly English-speaking teenagers, some as young as 16, based in the UK and US. They are thought to have met through online hacking forums and have become known for targeting high-profile companies with sophisticated attacks.

They operate under various aliases, including Starfraud, UNC3944, Muddled Libra, and Scatter Swine. Microsoft has also tracked them under the name Octo Tempest.

Their tactics go beyond ordinary phishing. Members have reportedly used SIM-swapping, MFA fatigue attacks, and OTP theft to gain full control over user accounts and internal systems.

In 2023, the group made global headlines by breaching both MGM Resorts and Caesars Entertainment within a week, stealing sensitive data and demanding ransom. Other major firms like DoorDash, Riot Games, and MailChimp have also been targeted.

United States of America (USA)

News world What We Know About 'Scattered Spider', The Group Behind Airline Cyberattacks