A recent surge in cyber threats has hit the global aviation industry, with three major airlines – WestJet (Canada), Hawaiian Airlines (USA), and Qantas (Australia) – confirming cyberattacks in the last three weeks. The notorious hacking group Scattered Spider is suspected to be behind these attacks.

A Wave of Attacks Across Continents

  • WestJet reported a cybersecurity incident starting June 13, which affected internal systems and limited access to its app and website. The airline launched an investigation, engaged top-tier cybersecurity experts, and notified customers and authorities. Although operations remained stable, WestJet warned that some guests might experience intermittent digital service interruptions as they worked to resolve the issue.
  • Hawaiian Airlines announced a “cybersecurity event” on June 26, affecting certain IT systems. The airline emphasized that flight operations and guest safety were not impacted, but it was working with federal authorities and cybersecurity specialists to assess the breach and restore affected systems. Hawaiian Airlines committed to providing updates as the investigation continues.
  • Qantas confirmed a cyber incident on June 30, which compromised the data of approximately six million customers via a third-party customer service platform. Although the breach did not include financial or passport data, it highlighted the sector’s vulnerability to sophisticated cyber threats.

The Scattered Spider Threat

Scattered Spider, also known as UNC3944, is a loosely organized group of primarily English-speaking young men known for their advanced social engineering tactics. They specialize in tricking employees and contractors into granting access to sensitive systems, often using SIM swapping, phishing, and impersonation. Once inside, they may deploy ransomware or sell access to other cybercriminals.

Charles Carmakal, CTO of Mandiant (Google Cloud), noted: “Mandiant is aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider. The actor’s core tactics, techniques, and procedures have remained consistent, meaning organizations can take proactive steps like training help desk staff to enforce robust identity verification and deploying phishing-resistant MFA to defend against these intrusions.”

The FBI issued a warning on June 27, alerting the aviation industry that Scattered Spider is expanding its focus and that “anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk”. The agency urged early reporting of suspicious activity to facilitate rapid response and intelligence sharing across the sector.

Cybersecurity experts warn that these attacks are likely just the beginning. Airlines are attractive targets due to their vast stores of personal data, reliance on legacy IT systems, and complex networks of third-party vendors. The recent attacks have not disrupted flight operations but have exposed significant vulnerabilities in digital infrastructure.

As investigations continue, authorities and cybersecurity professionals are urging all airlines to strengthen digital defenses, enhance employee training, and implement multi-factor authentication to guard against increasingly sophisticated threats.

  • Published On Jul 3, 2025 at 09:09 AM IST
