FBI & Security Firms Warn Cybergang Scattered Spider Moving Focus To Airlines

Recently, reports emerged that the cybercriminal group known as Scattered Spider was shifting its focus towards the insurance industry, after wreaking havoc on the U.K. and U.S. retail sector—a move that included a prolonged problem for Marks & Spencer and Hertz, as well as Harrods and Co-op.

“Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” said John Hultquist, Chief Analyst at Google Threat Intelligence Group.

Fortune 500 insurance company Erie Insurance was hit by the bad actors, with reports of unusual network activity, according to a regulatory filing.

“Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,” Hultquist added.

Now, Scattered Spider’s focus has shifted to the airline industry.

As per the FBI (Federal Bureau of Investigation) and a host of cybersecurity firms, the infamous hacking group is aiming its nefarious activities towards airlines and the transportation sector. The FBI also said it had “recently observed” cyberattacks in the airline sector that resembled Scattered Spider’s modus operandi, according to a brief statement shared with TechCrunch.

The FBI said that the group will most likely go after large corporations and their third-party IT providers, which essentially spells that “anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”


This warning was backed up by executives from Google’s Mandiant and Palo Alto Networks’ Cyber Threat Intelligence & Incident Response Division Unit 42.

Google Mandiant, which tracks the cyber gang as UNC3944, posted a warning, which read, “🚨 ALERT: Scattered Spider has added North American airline and transportation organizations to their target list. 🚨”

“We recommend that the industry immediately take steps to tighten up their help desk identity verification processes prior to adding new phone numbers to employee/contractor accounts (which can be used by the threat actor to perform self-service password resets), reset passwords, add devices to MFA solutions, or provide employee information (e.g. employee IDs) that could be used for a subsequent social engineering attacks,” continued an excerpt from Google’s post.

“Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry. Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests,” said Unit 42.

Two airlines have already been caught in Scattered Spider’s web, with Hawaiian Airlines saying it was addressing a cybersecurity event that affected some of its IT systems, while Canada’s WestJet faced a lengthy issue with its digital environment. While neither company named Scattered Spider, sources familiar with the matter pinpointed the cause to the infamous cybergroup.


Ahead of this, American Airlines faced a widespread outage related to its flight information computer system, according to authorities at two affected airports, who told CNN. One included Miami International Airport.

The airliner said it was a “technology issue” that was “affecting connectivity” for some of its systems, which included a two-hour issue that hit flight bookings, check-in, ticketing and baggage tagging, and other functions.

“We are working with our partners to fully resolve the issue,” said American Airlines. “Though we are experiencing delays as a result, we have not canceled any flights at this time.”

The outage resulted in delays for 26% of American Airlines’ planes and 30% of its subsidiary PSA Airlines’ flights on Friday, as per information from FlightAware.

“The flight was supposed to takeoff at 10:22 (a.m. MT), the app now says 11:30 (a.m. MT), but that’s just a place holder. Pilot came on and said that AA’s electronic maintenance system is down and they can’t input whatever work was done on the plane and then accept it so therefore we’re stuck until that system comes back up,” said Jason Hass, an affected passenger in Arizona.

Do you think airplane companies should ground their planes until their systems are completely secure, considering the implications that failures could spell?

Let us know in the comments below!