A notorious cybercriminal organization, Scattered Spider, has turned its attention to the airline sector, the FBI is warning.
The bureau did not mention any airlines specifically in a June 27 announcement, but it came just a day after
Hawaiian Airlines reported a cybersecurity breach that impacted its IT
systems.
The FBI said Scattered Spider often
impersonates employees or contractors to deceive IT help desks into
granting access to internal systems. It said the organization targets large corporations and their
third-party IT providers, meaning anyone in the airline ecosystem,
including vendors and contractors, could be at risk.
"Once inside, Scattered Spider actors steal sensitive data
for extortion and often deploy ransomware. The FBI is actively working
with aviation and industry partners to address this activity and assist
victims," the agency said.
Earlier attacks on tourism entities
Scattered Spider is believed to have hacked MGM Resorts International and Caesars in the late summer of 2023, extorting a $15 million payment from Caesars. The group has also targeted the financial services sector, among other industries.
• Wheels Up: A funny thing happened on my way to Athens
Hawaiian has not provided details on which systems were attacked or how the airline has been affected, though it did say that flights were not impacted.
Canada's WestJet was the victim of a June 13 cybersecurity breach. That attack impacted internal WestJet systems as well as its app and website and sparked larger concerns about WestJet data security.