A sophisticated group of cybercriminals known as Scattered Spider has significantly expanded its target scope, increasingly focusing on the aviation sector. Previously notorious for targeting telecom, business process outsourcing, and technology companies, these threat actors are now posing a substantial risk to airlines, airports, and related services.
Scattered Spider is highly skilled in techniques like SIM swapping and advanced social engineering. They often gain initial access by acquiring stolen credentials, then use manipulative tactics to bypass multi-factor authentication (MFA bypass). Their goal is typically to infiltrate corporate networks, move laterally, and exfiltrate sensitive data, often with the intent of extortion rather than traditional encryption-based ransomware.
The shift towards the aviation sector highlights the group’s adaptability and pursuit of high-impact targets. Disrupting or compromising operations within this critical infrastructure could have severe consequences, including operational delays, safety risks, and the exposure of highly sensitive passenger or company data. The group’s ability to blend technical prowess with human manipulation makes them particularly difficult to defend against. Organizations in the aviation sector must prioritize robust cybersecurity defenses, including strong authentication measures, employee training to recognize social engineering attempts, and incident response planning to mitigate the growing threat posed by these aggressive actors.
Source: https://go.theregister.com/feed/www.theregister.com/2025/06/30/scattered_spider_aviation/
