The cybersecurity world remains intensely active, and one of the most significant concerns is the latest move by the notorious hacking group, Scattered Spider, which has shifted its focus to targeting the aviation industry, considered a critical national infrastructure.
Recent information from cybersecurity experts at Google (Mandiant) and Palo Alto Networks (Unit 42) confirms this alarming trend.
From Retail to Aviation: Escalating Attack Targets
Previously, Scattered Spider, also known as Muddled Libra and UNC3944, gained notoriety for attacking retail companies and insurance firms. They also caused disruption in Las Vegas by attacking MGM Resorts and Caesars Entertainment in 2023, in collaboration with the BlackCat/ALPHV ransomware group.
However, this year, the group has turned its attention to the aviation sector, which stores vast amounts of critical data, such as passengers' personal information and credit card details.
Recent Attacks: Hawaiian Airlines and WestJet
Alarm bells began to ring with the attack on Hawaiian Airlines on June 23, 2025, which affected some of its IT systems, though flights continued to operate normally. A few days prior, WestJet, Canada's second-largest airline, reported a similar attack on June 13, 2025, causing disruptions to its website and mobile application.
While both airlines have not yet confirmed all details, including whether ransomware was used or customer data was stolen, experts like Charles Carmakal, CTO of Mandiant Consulting, and Sam Rubin from Unit 42, confirm that these incidents bear the hallmarks of Scattered Spider's operations and urge the aviation sector to prepare.
A Strategy to Watch Out For: Social Engineering in the Guise of IT Help Desk
Scattered Spider excels in using Social Engineering, a sophisticated deception technique. They often impersonate IT Help Desk personnel to trick employees of target organizations into revealing login credentials or other critical information, which serves as their primary means of gaining access to internal systems.
This type of attack highlights that even the most robust security systems can be rendered ineffective if employees lack awareness and cannot identify deceptive tactics.
Urgent Recommendations for Organizations and the Aviation Sector
Given the current situation, experts have provided crucial recommendations for all organizations, especially in the aviation and transportation sectors:
- Strengthen Identity Verification Processes: Train IT staff to strictly adhere to user identity verification procedures to prevent external parties from impersonating legitimate users.
- Implement Phishing-Resistant Multi-Factor Authentication (MFA): The use of strong MFA is critically important to add an extra layer of protection against unauthorized system access, even if login credentials are stolen.
- Maintain Vigilance and Awareness: Encourage employees at all levels to be aware of Social Engineering attacks and recognize various techniques, such as unusual password reset requests.
The incidents affecting airlines across North America serve as a reminder that cyber threats are constantly evolving. Proactive defense, readiness, and enhancing the understanding of personnel within the organization are crucial safeguards that protect businesses from increasingly sophisticated and targeted hacking groups.