Scattered Spider Takes Flight: Inside the Cybercrime Group’s Move into Aviation

As the aviation industry becomes more digitally interconnected, its exposure to sophisticated cyber threats continues to grow. One of the most dangerous actors in this space—Scattered Spider, a financially motivated and technically skilled cybercrime group—has recently shifted its focus to target the aviation sector. With recent incidents involving Hawaiian Airlines, WestJet, and others, global concern is rising over the safety of airline IT systems, vendor infrastructure, and the broader aviation supply chain.

This episode unpacks how Scattered Spider operates, why the aviation industry is increasingly at risk, and what this means for cybersecurity readiness in one of the world’s most critical sectors. Known for its deep social engineering tactics, the group bypasses MFA, exploits IT help desks, abuses third-party vendor trust, and deploys ransomware in record time. As the FBI, CISA, and leading cybersecurity firms like Mandiant and Palo Alto Networks sound the alarm, airlines and their partners are being forced to rethink how they defend against these agile, persistent attackers.

In this episode, we cover:

• The evolving cyber threat landscape facing the aviation industry
• A breakdown of Scattered Spider’s tactics, including phishing, SIM swapping, and help desk impersonation
• How the group maintains persistent access using federated identity and RMM tools
• Suspected links between Scattered Spider and recent incidents at Hawaiian Airlines and WestJet
• The aviation supply chain as a prime vulnerability—why low-scoring vendors pose high risks
• Why airlines face a 2.9x greater breach risk when they fall below an 'A' cybersecurity rating
• ICAO's cybersecurity strategy pillars and what global coordination could look like in practice
• CISA’s mitigation guidance: offline backups, phishing-resistant MFA, patching, and more
• The role of third-party risk management and “security by design” in preventing future breaches
• Why the FBI discourages ransom payments—and what alternatives exist

This episode isn’t just a cautionary tale for airlines—it’s a wake-up call for any sector that relies on sprawling digital ecosystems and third-party providers. With Scattered Spider expanding its target footprint, now is the time for the aviation sector and its partners to elevate their defenses, harden human factors, and embrace a security culture built for the borderless age of cyberwarfare.