The aviation industry is once again on high alert following a cyber incident at Hawaiian Airlines and growing warnings about an aggressive cybercrime group known as Scattered Spider. This incident underscores a concerning trend of targeted attacks on the airline and transportation sectors — a shift that cybersecurity professionals and government agencies are now tracking closely.
Who is Scattered Spider?
Scattered Spider, also known by its Mandiant tracking name UNC3944, is a well-known and highly active cybercriminal group. The group has previously been linked to high-profile attacks on retailers and insurance companies, and now appears to be shifting its focus to critical infrastructure sectors — particularly aviation.
FBI, Mandiant, and Palo Alto Networks Issue Urgent Warning
Over the past weekend, the FBI, along with Google Cloud’s Mandiant and Palo Alto Networks, issued coordinated alerts to the aviation and transportation industries. According to the FBI, Scattered Spider has expanded its operations to include airlines, and is likely using social engineering tactics — such as impersonation or manipulating IT help desks — to infiltrate systems.
- “Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise,” the agency stated.
Mandiant’s CTO, Charles Carmakal, added that they are currently investigating multiple incidents in the transportation sector that resemble the tactics of Scattered Spider. Although attribution is still in progress, the group’s behavior remains consistent:
- “Organizations can take proactive steps like training help desk staff to enforce strong identity verification and implementing phishing-resistant MFA,” Carmakal said.
✈️ Hawaiian Airlines: Latest Victim of a Cyber Incident
On Friday, Hawaiian Airlines — a subsidiary of Alaska Air Group — disclosed a cybersecurity incident affecting certain internal IT systems. In a statement to the SEC, the company emphasized that flight operations remain unaffected and safe.
- “Upon learning of this event, we immediately took steps to safeguard Hawaiian’s operations and systems. We have engaged the relevant authorities and experts to assist in our investigation and ongoing remediation efforts.”
While Scattered Spider has not been officially confirmed as the attacker, the timing and nature of the incident align with their recent activity. Investigations are still ongoing.
✈️ Other Airlines Affected
The warning comes after several other airlines have experienced cyber disruptions in recent weeks:
-
WestJet (Canada): Confirmed a cyberattack that affected internal systems and digital services — while flight operations continued without interruption.
-
American Airlines: Reported a “technology issue” that affected system connectivity and caused delays, though no flights were canceled. It remains unclear if the issue was caused by a cyberattack.
🛡️ What Should the Aviation Sector Do?
Scattered Spider is known for exploiting weak identity verification processes and poorly protected systems. Organizations — especially those in aviation, logistics, and transport — should:
-
Train support and help desk teams in social engineering awareness
-
Implement phishing-resistant multi-factor authentication (MFA)
-
Restrict access for third-party vendors and contractors
-
Monitor unusual logins and device behaviors
-
Conduct regular security audits and penetration tests
📢 Stay updated on the latest cyber threats and industry best practices by following the Jypragroup blog.
🔒 Because cybersecurity isn’t optional — it’s critical.
