FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering
The FBI has issued a warning that the notorious cybercrime group Scattered Spider is expanding its operations to target the airline industry, using sophisticated social engineering techniques to bypass security measures. The group typically impersonates employees or contractors to deceive IT help desks into granting unauthorized access, often convincing staff to add rogue multi-factor authentication devices to compromised accounts or reset passwords.

Security firms including Palo Alto Networks’ Unit 42 and Google’s Mandiant have confirmed multiple incidents in the aviation and transportation sectors. Scattered Spider is also known to target third-party IT providers to gain access to larger organizations. A recent ReliaQuest report detailed how the group successfully breached an organization by targeting its CFO through extensive reconnaissance and social engineering, ultimately gaining access to over 1,400 secrets from a CyberArk password vault and engaging in destructive activities when detected.

The group, which overlaps with threat clusters like Muddled Libra and Octo Tempest, represents an evolution in ransomware risk by combining deep social engineering with technical sophistication. This highlights the critical need for organizations to strengthen identity verification protocols and reduce reliance on human-centric workflows that attackers can manipulate.