FBI is persistently tracking a cyber-criminal group involved in the infiltration of Hawaiian Airlines' system
Hawaiian Airlines has disclosed a "cybersecurity incident" that has affected some of its IT systems, with flights continuing uninterrupted. The airline reported the incident to the U.S. Securities Exchange Commission three days earlier on June 23.
The Federal Bureau of Investigation (FBI) is currently investigating the incident, which is believed to be the work of an international group of cyber-thieves known as Scattered Spider. The group is notorious for using advanced social engineering tactics, including deepfake technology and insider impersonation, to gain access to sensitive systems.
The FBI has warned about a coordinated campaign by Scattered Spider targeting U.S. airlines, including Hawaiian Airlines. While Hawaiian Airlines has not confirmed a successful breach, the FBI's advisory highlights the group's persistence and technical sophistication.
Both Hawaiian Airlines and WestJet, another affected airline, are still assessing the fallout from the recent cyberattacks. The FBI is actively working with the aviation industry to address these threats and assist victims. The investigation is ongoing, with encouragement for early reporting to prevent further compromise.
If an organization suspects it has been targeted by Scattered Spider, it is advised to contact the local FBI office for assistance. The group is known to target large companies and their contracted IT help desks, engaging in data theft for extortion.
Scattered Spider is also responsible for the 2023 hack of MGM Resorts and Caesars Entertainment, costing the companies millions of dollars. The company has not confirmed if customer or corporate data was compromised in the recent incident.
Hawaiian Airlines, a subsidiary of the Alaska Air Group, is currently investigating the incident with third-party experts and relevant authorities. The immediate priority is to protect systems and data, ensure secure and safe operations, and share information as it becomes available.
The techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts. The FBI issued a national alert on the same day as Hawaiian Airlines' SEC disclosure, warning about Scattered Spider expanding its targeting to include the airline sector.
Between May and June, Scattered Spider hacked retailers including Marks & Spencer, Harrods, Cartier, Victoria's Secret, and Adidas, as well as insurance companies Aflac and Philadelphia Insurance Cos. The group is known to use BlackCat/ ALPHV ransomware, according to a Nov. 16, 2023, advisory from the FBI and the Cybersecurity and Infrastructure Security Agency.
FBI officials in Hawaii and Washington, D.C., declined to comment further on the ongoing investigation. Hawaiian Airlines' spokesperson, Alex Da Silva, stated that the airline immediately took steps to safeguard its operations and systems upon learning of the event.
The federal authorities are urging all airlines and their partners to be vigilant and to report any suspicious activities to the FBI. The aviation sector is advised to strengthen their cybersecurity measures to protect against such threats.
- In light of the ongoing FBI investigation on the cybersecurity incident affecting Hawaiian Airlines, which is suspected to be the work of the notorious international group Scattered Spider, data-and-cloud-computing security measures in the general-news sector, particularly the airline industry, are highly recommended to be strengthened.
- The recent events, such as the suspected cyberattack on Hawaiian Airlines and the previous hack of MGM Resorts and Caesars Entertainment, serve as a reminder that crime-and-justice entities like Scattered Spider often target large companies and their contracted IT help desks, requiring technology companies to prioritize data theft prevention and extortion measures.
