FBI warns Scattered Spider hackers are now going after airlines

News
By published

Scattered Spider is hunting for new victims in the US

A metal spider standing on a printed circuit board
(Image credit: Shutterstock)
  • Scattered Spider may be moving its focus to the US
  • The FBI has warned the airline and transport industry to remain vigilant
  • Two airlines have already been breached in June 2025

The Scattered Spider cybercriminals are now targeting US airlines and transportation after moving its crosshairs from UK retailers, the FBI and security firms are warning.

The group previously hit Marks & Spencer, Co-op, and Harrods causing widespread system outages and empty shelves.

The FBI advisory warns it had “recently observed” cyberattacks that shared similarities with the aforementioned attacks, with Google’s Mandiant and Palo Alto Networks’ Unit 42 echoing the bureaus’ warning.

Scattered Spider switches targets

The group’s members include English speaking young adults who are financially motivated. The group uses phishing and social engineering techniques to gain access to networks where they wreak havoc, steal data, and deploy ransomware. There is no organized structure to the group with the members being part of a wider organization known as “the Com”.

The FBI’s warning follows two cyber incidents affecting airlines this month. Hawaiian Airlines reported a cyberattack on June 26, and Canada’s WestJet released a notice that it had detected a cyber incident on June 13. The group could target other organizations directly, or breach third-parties in the supply chain to gain access.

“Anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI statement warns.

“The FBI is actively working with aviation and industry partners to address this activity and assist victims. Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise. If you suspect your organization has been targeted, please contact your local FBI office,” the statement says.

Back in May 2025, Google’s Threat Intelligence Group (TIG) also warned that Scattered Spider was starting to move its focus over to the US.

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.