Cybersecurity experts and federal authorities are sounding urgent alarms as the notorious Scattered Spider hackers have pivoted to targeting the aviation and transportation sectors, marking a dangerous escalation in their operations.The FBI has confirmed that the cybercriminal group, also known as [UNC3944](https://cybersecuritynews.com/unc3944-hackers-evolves-from-sim-swap-to-ransomware/), has expanded its targeting to include the airline sector, employing sophisticated social engineering techniques to breach major carriers and transportation firms. The warning comes as multiple high-profile incidents have rocked the industry in recent weeks.Hawaiian Airlines [disclosed](https://gbhackers.com/hawaiian-airlines-targeted-in-cyberattack/) a significant cybersecurity incident on Thursday that affected some of its IT systems, though the carrier emphasized that flights continue operating safely and on schedule.The attack, first detected on June 23, prompted the airline to engage federal authorities and cybersecurity experts for investigation and remediation efforts.**Attack Targeting the** **Aviation Industry**———————————————-Canadian airline WestJet [faced](https://gbhackers.com/canadian-airline-westjet-suffers-cyberattack/) a similar incident last week that caused outages for some of its systems and mobile app. The attack, which began on June 13, remained unresolved for more than a week, with investigations ongoing to assess whether sensitive customer data was compromised. Multiple incident responders have attributed both attacks to Scattered Spider operations.Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, [confirmed](https://www.linkedin.com/posts/charlescarmakal_scatteredspider-unc3944-socialengineering-activity-7344421800702844931-pBt9/) that his company is ‘aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.’ The group has demonstrated a consistent pattern of focusing intensively on single industries before moving to new sectors.’Given the habit of this actor to focus on a single sector, we suggest that the industry take steps immediately to harden systems,’ Carmakal stated. The FBI is actively working with aviation and industry partners to address this activity and assist victims, urging prompt reporting of suspicious activity.> ALERT—The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector. These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access…. [pic.twitter.com/gowmbsAbBY](https://t.co/gowmbsAbBY)> — FBI (@FBI) [June 27, 2025](https://twitter.com/FBI/status/1938746767031574565?ref_src=twsrc%5Etfw)Scattered Spider relies heavily on [social engineering](https://cybersecuritynews.com/tag/social-engineering/) techniques, often impersonating employees or contractors to deceive IT help desks into granting unauthorized access. These attacks frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.The group targets large corporations and their third-party IT providers, meaning anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. Once inside networks, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.The aviation sector represents the latest target in Scattered Spider’s methodical campaign across industries. The group, believed to consist primarily of native English speakers from the United States and the United Kingdom, previously focused on retail companies before shifting to insurance firms earlier this month.Their English-speaking advantage gives them a significant edge in conducting convincing social engineering attacks against Western targets.Mandiant has published hardening [guidance](https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations) based on thousands of hours of incident response experience. The guidance emphasizes the urgent need for organizations to tighten help desk identity verification processes prior to adding new phone numbers to employee accounts, resetting passwords, or providing employee information that could enable subsequent social engineering attacks.Industry experts recommend training help desk staff to enforce robust identity verification processes and deploying phishing-resistant MFA to defend against these intrusions. Organizations should be particularly vigilant for sophisticated social engineering attacks and suspicious MFA reset requests.As Scattered Spider continues its aggressive campaign, the aviation industry faces an unprecedented cybersecurity challenge that demands immediate action to protect critical infrastructure and passenger data.Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions –> [**Try ANY.RUN now**](https://any.run/demo?utm_source=csn&utm_medium=article&utm_campaign=braodo_stealer&utm_content=demo_1&utm_term=250625)The post [Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms](https://cybersecuritynews.com/scattered-spider-hackers-aviation/) appeared first on [Cyber Security News](https://cybersecuritynews.com).
Related Tags:
Octo Tempest
NAICS: 485 – Transit And Ground Passenger Transportation
NAICS: 484 – Truck Transportation
NAICS: 48 – Transportation
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 481 – Air Transportation
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 51 – Information
Associated Indicators: