Scattered Spider Hacking Spree Continues With Airline Sector Attacks

June 30, 2025 – Published on Dark Reading

A new wave of attacks on organizations in the aviation sector by members of “Scattered Spider” has drawn fresh attention to what Microsoft and others consider one of the most dangerous financially motivated threat group’s currently active.

In a post on X on Friday, the FBI warned of Scattered Spider actors deploying their usual slick social engineering tricks — which include deceiving IT help desks into granting them access — to attack airline companies and their partners. “They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI alert stated.

Once the attacker gains access to a victim environment they steal sensitive data for extortion purposes and also often deploy ransomware, the FBI said.

Security researchers point to several factors that makes Scattered Spider an extremely dangerous adversary. The biggest so far is the sophistication of the group’s social engineering tricks. In numerous attacks, members of the group have contacted help desks at target organizations, convincingly posing as employees and contractors, and talked them into adding a new multifactor authentication (MFA) device to a compromised account for instance.

“Scattered Spider represents a persistent and capable adversary whose operations have been historically effective even against organizations with mature security programs,” warns Grayson North, principal threat intelligence consultant at GuidePoint Security. “The success of Scattered Spider is not exactly the result of any new or novel tactics, but rather their expertise in social engineering and willingness to be extremely persistent in attempting to gain initial access to their targets.”

Read More HERE.