Last Updated: Jul 09, 2025

FBI Warns Airlines of Social Engineering Attacks by Scattered Spider

On June 28, 2025, the FBI issued a warning about the cybercriminal group Scattered Spider (also known as UNC3944 or Muddled Libra) actively targeting the airline industry.

“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts. Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI stated in their alert.

WestJet (June 13), Hawaiian Airlines (June 26), and Qantas (June 30) have reported recent cyber incidents. In each case, Scattered Spider is the main suspect due to the similar impersonation-based approach that included voice phishing, third-party platform compromise, and standard MFA bypass.

Despite breaches in IT systems, all affected carriers report no impact on flight safety or service continuity.

Charles Carmakal, CTO at the cybersecurity firm Mandiant, urged the industry to “immediately take steps to tighten up their help desk identity verification processes prior to adding new phone numbers to employee/contractor accounts (which can be used by the threat actor to perform self-service password resets), reset passwords, add devices to MFA solutions, or provide employee information (e.g. employee IDs) that could be used for subsequent social engineering attacks.”

Scattered Spider emerged in 2022 and has moved from SIM swaps and telecom fraud to casino ransomware and global retail disruption. The airline industry is now its newest target.
