The U.S. Federal Bureau of Investigation (FBI) has reported that the cybercrime group Scattered Spider is expanding its operations to target the airline industry. In response, the agency is working closely with aviation stakeholders and industry partners to counter the threat and support affected organizations.
“These attackers use social engineering tactics, often posing as employees or contractors to trick IT help desks into granting account access,” the FBI said in a post on X. “They frequently bypass multi-factor authentication (MFA) by persuading support staff to register unauthorized MFA devices on compromised accounts.” Scattered Spider is also known for exploiting third-party IT service providers to infiltrate large enterprises, putting vendors and contractors at risk. Their attacks often lead to data breaches, extortion, and ransomware deployment.
Sam Rubin of Palo Alto Networks’ Unit 42 confirmed on LinkedIn that the group has launched attacks against the aviation sector, urging organizations to remain on “high alert” for advanced social engineering and unusual MFA reset attempts. These incidents reflect a broader shift in cyber threats: social engineering has evolved far beyond phishing emails. Today’s identity-based attacks involve coordinated strategies—such as SIM swapping, vishing, and privilege escalation—that can rapidly dismantle layered defenses.
For many organizations, the solution doesn’t start with new tools—it starts with strengthening internal procedures, particularly those governing help desk access and account recovery. When identity decisions depend on human judgment, effective training using real-world scenarios becomes critical.