Overview

• The FBI issued an alert on June 26 confirming that Scattered Spider has expanded its social engineering attacks to the aviation sector to bypass multifactor authentication via help-desk deception.
• WestJet reported a mid-June IT intrusion and Hawaiian Airlines disclosed a June 23 cybersecurity event, with both carriers maintaining normal flight operations.
• Mandiant and Palo Alto Networks’ Unit 42 have identified multiple incidents in the airline and transportation sector that match Scattered Spider’s phishing and help-desk bypass tactics.
• Official advisories from the FBI and CISA call for immediate employee training on social engineering and strict protocols for adding MFA devices and resetting credentials.
• Security experts warn that Scattered Spider’s loosely affiliated teen membership and potential integration of AI-driven methods may accelerate its ability to exploit trust networks across industries.