Could airlines be the new target for hacking group Scattered Spider?

ITV News

03-07-2025

It was the hacking group linked to both the M&S and Co-op cyber attacks, but it appears Scattered Spider has a new sector in its sights.
Initially targeting retail companies, the group now appears to be setting its sights on the aviation industry.
In the US, the Federal Bureau of Investigation recently posted on the social media platform X, raising the alarm.
Both Google and the US cybersecurity company Palo Alto Networks have also warned of the potential threat.
In a statement posted on LinkedIn, Sam Rubin of Palo Alto said that the company has "observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry".
Google experts reported similar findings. Charles Carmakal, an executive for Google's cybersecurity unit, said the company was "aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider".
No references were made to any specific airlines, but recently Canadian airline WestJet, Hawaiian Airlines and Qantas have all suffered from cyber attacks.
The airlines have not released any details on potential links between the incidents and Scattered Spider, but the hacking group has been blamed for some of the most disruptive hacks across the UK and US in recent memory.
Who are Scattered Spider?
According to America's Cyber Defence Agency, Scattered Spider is a cybercriminal group that targets large companies and their IT help desks.
Scattered Spider members have typically engaged in data theft for extortion and have been known to use BlackCat/ALPHV ransomware.
The group initially dabbled in financial fraud and social media hacking but has become more advanced, conducting data breaches and stealing cryptocurrency.
Some of its members are as young as 16 years old and meet on hacking forums, discord servers and Telegram channels.
Why the aviation sector?
ITV News spoke to cyber security expert Graham Cluley about the reasons why the aviation sector is likely on the target list.
"Airlines and firms in the aviation industry consist of an attractive cocktail of critical infrastructure, sometimes outdated tech, and massive customer databases that can prove irresistible to hackers," he said.
"Many aviation industry businesses still rely on legacy systems bolted onto newer platforms, which determined hackers like Scattered Spider love to exploit.
"Plus, of course, with the summer holidays about to begin and many travellers planning to jet overseas, hackers will view that as a greater incentive than ever for airlines to pay up, rather than cause chaos for their customers."
A spokesperson for the UK Civil Aviation Authority (CAA) told ITV News: 'We are aware of rumoured activity. We are in contact with the National Cyber Security Centre and have warned our industry contacts about this group and the techniques they use.'
How can airlines be better equipped to deal with potential threats?
Mr Cluley said airlines need to harden their defences to prevent attacks like this from happening.
"Many hackers break into systems via stolen or phished credentials," he explained.
"Scattered Spider, for instance, has often used the ploy of posing as employees who have been locked out of their accounts, and tricking service desks into giving them access.
"Additionally, the air industry needs to keep a close eye on its third-party suppliers - especially those which have privileged access to its network or data. Supply chain attacks are a favourite amongst hackers."
"Hopefully businesses in the air industry are also 'hacking themselves' - in other words, simulating the methods used by hackers to find weaknesses in their systems before they are exploited by cybercriminals," he continued.
"Finally, there's a lot to be said for staff training - educating them about how hackers trick staff into making mistakes that can result in a cyber attack succeeding."
As a customer, it's important to ensure you have the best measures in place to protect yourself if an airline is targeted.
"It's the airline that gets hacked, not you," Mr Cluley said. "But it might be your data that ends up in the hands of cybercriminals".
He recommends using unique, strong passwords and advises customers not to use the same password for different places on the internet.
"Where possible, enable multi-factor authentication (also known sometimes as two-factor authentication)," he said.
He also said that paying with a credit card makes it easier to get your money back if fraud occurs.
He added: "You may also be wise to use a 'virtual card' which has a lower spending limit on it or can be locked to a specific merchant.
"Some banks offer this facility - making it possible to create a unique card number that is linked to your real account but cannot be reused elsewhere. If a travel site or airline is breached, your actual credit card number isn't exposed."