The FBI has recently observed the cybercriminal group Scattered Spider expanding its activities to target the airline sector. These actors rely on social engineering techniques, frequently posing as employees or contractors to deceive IT help desks into granting them access.
Such methods often involve attempts to bypass multi-factor authentication (MFA), for example by persuading help desk staff to add unauthorised MFA devices to compromised accounts. The group typically targets large corporations and their third-party IT providers, which means any organisation within the airline ecosystem, including trusted vendors and contractors, could be at risk.
Once inside a network, Scattered Spider actors steal sensitive data for extortion purposes and frequently deploy ransomware. The FBI is working closely with aviation stakeholders and industry partners to address this threat and support affected organisations.
