- Scattered Spider may be moving its focus to the US
- The FBI has warned the airline and transport industry to remain vigilant
- Two airlines have already been breached in June 2025
The Scattered Spider cybercriminals are now targeting US airlines and transportation after moving its crosshairs from UK retailers, the FBI and security firms are warning.
The group previously hit Marks & Spencer, Co-op, and Harrods causing widespread system outages and empty shelves.
The FBI advisory warns it had “recently observed” cyberattacks that shared similarities with the aforementioned attacks, with Google’s Mandiant and Palo Alto Networks’ Unit 42 echoing the bureaus’ warning.
Scattered Spider switches targets
The group’s members include English speaking young adults who are financially motivated. The group uses phishing and social engineering techniques to gain access to networks where they wreak havoc, steal data, and deploy ransomware. There is no organized structure to the group with the members being part of a wider organization known as “the Com”.
The FBI’s warning follows two cyber incidents affecting airlines this month. Hawaiian Airlines reported a cyberattack on June 26, and Canada’s WestJet released a notice that it had detected a cyber incident on June 13. The group could target other organizations directly, or breach third-parties in the supply chain to gain access.
“Anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI statement warns.
“The FBI is actively working with aviation and industry partners to address this activity and assist victims. Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise. If you suspect your organization has been targeted, please contact your local FBI office,” the statement says.
Back in May 2025, Google’s Threat Intelligence Group (TIG) also warned that Scattered Spider was starting to move its focus over to the US.
Leave a comment