FBI and Tech Firms Warn Airlines of Rising Scattered Spider Cyber Threat

Cyber-security researchers at Google’s Mandiant, Palo Alto Networks’ Unit 42, Microsoft and CrowdStrike say the hacking collective known as Scattered Spider — also tracked under the names Octo Tempest and UNC3944 — has shifted its focus to the aviation industry after a string of attacks on casinos, retailers and insurers. The group, which relies heavily on phone-based social-engineering to bypass multi-factor authentication and seize administrator accounts, is accused of deploying ransomware, stealing data for extortion and hijacking VMware ESXi hypervisors to paralyse critical systems. The U.S. Federal Bureau of Investigation echoed those concerns in a late-June bulletin that urged domestic airlines and their IT providers to harden defences and report suspected breaches promptly. CrowdStrike researchers have since tied a data-theft incident at Qantas to the gang, while Hawaiian Airlines and WestJet have disclosed separate cyber events that remain under investigation. Although no direct link has been established, the warnings come as Russia’s flag-carrier Aeroflot cancelled more than 40 flights on 28 July after an unexplained failure in its information systems, prompting lengthy queues at Moscow’s Sheremetyevo airport. The episode underscores the operational disruption a well-timed cyberattack can inflict on an airline network that last year carried 55.3 million passengers.