Particle.news

Download on the App Store

Scattered Spider Turns Focus to Airlines With WestJet and Hawaiian Breaches

An FBI alert warns that Scattered Spider exploits help-desk processes coupled with MFA flaws to breach airline networks.

Travelers at a Westjet check-in counter in Toronto Pearson International Airport on June 30, 2024.
A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski/Illustration/File Photo
A Hawaiian Airlines Airbus A330-200 takes off at San Francisco International Airport, San Francisco, California, February 16, 2015.
A Hawaiian Airlines plane en route to Honolulu on March 15, 2025.

Overview

  • Cybersecurity leaders at Google’s Mandiant and Palo Alto Networks’ Unit 42 have confirmed multiple incursions into North American airline and transportation systems this month.
  • WestJet reported a June 13 attack that affected its internal services and mobile app, while Hawaiian Airlines disclosed a June 23 intrusion that left flights operating normally.
  • Operators linked to Scattered Spider use advanced social engineering techniques, performing fraudulent password resets and unauthorized MFA registrations to gain network access.
  • The FBI alert urges airlines to strengthen help-desk identity verification, secure self-service password reset platforms and monitor for suspicious multi-factor authentication requests.
  • American Airlines is experiencing an IT outage of unknown origin, but the FAA states there has been no safety impact and investigations into a possible cyber link are ongoing.