FBI Alerts Airlines About Rising Threat from Casino Hackers

July 3, 2025

News

FBI Warns of Casino Hacker Group Targeting Airlines

The Federal Bureau of Investigation (FBI) has warned that the hacking group known as Scattered Spider, previously linked to attacks on casinos, is now focusing its efforts on airline companies. Their goal is to steal passenger information, gain control of company servers, and demand ransoms.

Scattered Spider Uses Social Engineering Against Airlines

This hacker group increasingly uses social engineering tactics to deceive airline employees. By pretending to be trusted insiders, they trick IT help desk staff into granting access to sensitive systems. The FBI explains that these attackers impersonate employees or contractors to manipulate IT support teams into bypassing security measures like multi-factor authentication (MFA). Often, they convince help desk workers to add unauthorized MFA devices to compromised accounts, allowing them to gain entry without raising alarms. This approach allows Scattered Spider to avoid trying to hack through robust MFA protections, instead exploiting human vulnerabilities in internal processes.

The Same Strategy Used Against Casinos Is Now Applied to Airlines

Scattered Spider’s tactics have remained consistent since their high-profile casino hacks in 2023, including attacks on MGM and Caesars. Their modus operandi is to steal sensitive data and then threaten the affected companies with its release unless a ransom is paid. Interestingly, if victims pay the ransom, the group typically does not leak the stolen information. This behavior helps maintain their credibility among criminals relying on ransom money — they need to be trusted to ensure future payments. Despite this, the FBI advises companies against paying ransoms and encourages reporting such incidents to law enforcement. Many companies, however, tend to hide these breaches or delay disclosure. For example, Caesars reportedly paid $15 million in ransom, whereas MGM refused to pay.

Airlines Are Frequent Targets Due to Valuable Data

According to the FBI, if firms collectively refused to pay ransoms, the incentive for criminal groups like Scattered Spider would diminish. However, as long as companies comply, the group has no reason to stop. Notable airline victims include Hawaiian Airlines, Delta Airlines, and Canadian carrier WestJet. Airlines are attractive targets because they store large amounts of sensitive customer data, which criminals can exploit for identity theft, financial fraud, or further cyberattacks. The FBI’s recommendation is for airlines to immediately notify authorities following any ransomware attack to improve chances of a successful response.