FBI issues alert for cyberattacks on U.S. airlines during peak travel season for July 4th

In recent weeks, a group has focused its offensive on the commercial aviation industry, impacting both airlines and associated technology contractors.

Travelers' queue at an airport (left) and board at an airport (right). Photo © Collage YouTube/Screenshot - Telemundo 51


The Federal Bureau of Investigation (FBI) has issued a serious cyber alert following the detection of a wave of attacks targeting airlines, airports, and suppliers in the aviation sector in the United States.

"The FBI is actively working with aviation and industry partners to address this activity and assist the victims," the agency stated in an official release.

The criminal group responsible, known as Scattered Spider, has raised alarms throughout the entire air transport ecosystem.

This warning comes on the eve of July 4th, Independence Day, one of the most significant dates on the American calendar.

Millions of people are preparing to travel, airports are recording record traffic numbers, and the tourism industry is experiencing one of its busiest periods.

Amid this intense season of mobility, the digital threat adds a new level of concern for authorities, operators, and travelers.

Scattered Spider: a new generation of cybercriminals

Scattered Spider is not just any group. It is a decentralized network of young hackers with high technical knowledge and a very clear strategy: to exploit human vulnerabilities through social engineering.

This collective —also known by other aliases such as Muddled Libra, Octo Tempest, and Oktapus— is part of a larger structure called "The Com," which includes collectives like LAPSUS$ and recruits members from Discord and Telegram forums.

What sets Scattered Spider apart is not so much its technical ability but its psychological cunning.

The FBI warned in its recent statement that “these actors rely on social engineering techniques, often impersonating employees or contractors to deceive technical support departments and gain access.”

Indeed, they don't need to breach systems with sophisticated malware: a convincing call to customer service is enough to open the doors to a corporate network.

Objectives and Scope: Airlines Under Pressure

In recent weeks, this group has focused its offensive on the commercial aviation industry, affecting both airlines and associated technology contractors.

“The hack has not affected the security of airlines, but it has put the chief cybersecurity executives of major airlines in the United States on high alert,” reported CNN, noting that the group’s goal is not to disrupt flights, but to extort companies by stealing confidential data and deploying ransomware.

The FBI confirmed that Scattered Spider "targets large companies and their IT contractors," which significantly broadens the range of risk within the ecosystem.

“Once inside the victim's network, attackers… steal confidential data for extortion and often implement ransomware,” the agency detailed.

Among the airlines that have confirmed being targeted by this campaign are:

- Hawaiian Airlines, which stated it is evaluating the consequences of the attack.

- WestJet, a Canadian airline that experienced a disruption in digital services, including its app.

Neither airline formally identified Scattered Spider as the author, although sources close to the investigation confirmed to CNN the connection to this group.

The most concerning issue is that new victims could emerge in the coming weeks, given the expansive and persistent nature of these attacks.

Why now? A completely vulnerable sector

The timing is not coincidental. Summer is the peak travel season in the U.S., and July 4th marks one of the busiest periods for air travel.

Any disruption, even a minor one, can trigger a domino effect on the itineraries of millions of passengers.

The FBI has acknowledged that this offensive coincides with increased exposure of the sector to operational demand.

Furthermore, it is not just about airlines. As Jeffrey Troy, president of Aviation ISAC, stated, “our members are very alert to attacks from individuals with economic motivations and the collateral consequences arising from geopolitical tensions around the world.”

This statement makes it clear that the threat is systemic and not limited to a handful of isolated companies.

The method: manipulation, impersonation, and double extortion

Scattered Spider's approach is based on targeting the most vulnerable point of any system: its people.

Their strategy includes:

- Impersonation (vishing): they call help desks pretending to be employees or executives.

- Bypassing multifactor authentication (MFA): they convince IT staff to add unauthorized devices.

- Meticulous social engineering: they research their victims beforehand to appear legitimate.

The technology portal BitLife Media explained how, in a recent case, the group successfully impersonated a CFO after weeks of gathering public data and prior leaks.

"Once this gateway is achieved, the attack chain can escalate in a matter of hours," the portal stated.

This speed of execution, combined with a decentralized and adaptable network, makes it extremely difficult to stop attacks once they have begun.

Reaction of the sector and containment measures

The response has mobilized the entire industry. Cybersecurity teams from U.S. airlines are working closely with specialized firms like Mandiant, owned by Google.

“The core tactics, techniques, and procedures of the actor have remained consistent,” stated Charles Carmakal, the company’s chief technology officer, who added that they have “knowledge of multiple incidents in the airline and transportation sectors” related to Scattered Spider.

One of the key concerns is the vulnerability of customer service centers, which many airlines outsource or manage remotely.

"Akin Patel, former director of information security at Las Vegas's main airport, explained that airlines rely heavily on call centers for many of their support needs, which makes them 'a likely target for groups like this.'"

Beyond the aviation sector: a cross-cutting threat

This is not an isolated incident. Scattered Spider has conducted campaigns across multiple key sectors:

- In September 2023, MGM Resorts and Caesars Entertainment were attacked, resulting in multimillion-dollar losses.

- Recently, sensitive data from the insurance giant Aflac was compromised, including Social Security numbers and medical information.

- In the retail sector, they targeted Ahold Delhaize USA, the parent company of chains like Giant and Food Lion.

This pattern—intensely targeting a sector for weeks before pivoting to another—reveals a carefully orchestrated strategy aimed at taking advantage of moments of high operational dependency, such as the peak travel season.

Conclusion: How does one confront a threat like this?

The attacks by Scattered Spider represent a turning point. The aviation industry, traditionally focused on physical security, must now urgently address a digital threat that is growing in sophistication and scope.

Experts agree that solutions cannot rely solely on technology.

It is essential to enhance staff training, strengthen authentication protocols, and establish secure verification channels for technical support.

Furthermore, collaboration among private entities, intelligence agencies, and technology providers must be ongoing.

In the words of the FBI, the fight is not over: "The campaign is active and its impact could be devastating."

As millions of people board their flights this July 4th, the true journey undertaken by the aviation industry is towards comprehensive cybersecurity, where the greatest challenge is not the skies, but the invisible networks that support them.

Frequently Asked Questions about Cyberattacks on Airlines in the U.S.

Who is behind the cyberattacks on airlines in the U.S.?

The criminal group known as Scattered Spider is responsible for the recent cyberattacks aimed at airlines, airports, and aviation sector suppliers in the United States. This collective is characterized by its skill in social engineering, exploiting human vulnerabilities rather than complex technological systems.

What is the purpose of these cyberattacks on airlines?

The main objective of Scattered Spider is not to disrupt flights, but to extort companies by stealing confidential data and deploying ransomware. These attacks aim to achieve economic gains at the expense of the aviation industry.

How do hackers manage to access airline systems?

Hackers use social engineering techniques to gain access to airline systems. They impersonate employees or contractors to deceive technical support departments, circumventing security measures such as multi-factor authentication (MFA) through convincing calls.

What measures is the FBI taking in response to these cyberattacks?

The FBI is actively working with aviation partners and the industry to address malicious cyber activity and assist victims. Furthermore, cybersecurity measures are being implemented in collaboration with specialized firms to mitigate the risk of future attacks.

Why did cyberattacks increase during this travel season?

The intensification of cyberattacks coincides with the peak travel season in the U.S., especially around July 4th. During this period, operational demand in the airline sector increases, exposing the industry to vulnerabilities that hackers can exploit to maximize their impact.


CiberCuba Editorial Team
