Casino Hackers Targeting Airlines, Says FBI
- 02 Jul 2025
- Gambling News
Scattered Spider, the group of cybercriminals responsible for extensive ransomware attacks on MGM Resorts International and Caesars Entertainment in 2023, is now focusing on another sector of travel and leisure: airlines.
In a recent warning, the FBI revealed a rise in activity by Scattered Spider targeting airlines, with the criminals employing social engineering tactics to trick employees into providing access to confidential information. Social engineering is a growing tactic of cyber theft that affects numerous industries and their consumers.
"These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts,” according to the FBI.
The law enforcement agency stated that it's collaborating with airlines and relevant partners to "tackle this behavior and support victims." The bureau urged businesses that think they have been affected by cyber intrusions to get in touch with law enforcement without delay.
Scattered Spider Returning to Its Old Habits
In the reported assaults on airlines, Scattered Spider seems to be employing a strategy akin to the one executed in 2023 against Caesars and MGM: gaining access to confidential data, intimidating the impacted companies with the potential release of that data, and anticipating that the corporations will pay instead of managing the complications of customer data being listed for sale on the dark web.
In 2023, Caesars and MGM were indeed extorted by the hackers. Caesars reportedly paid Scattered Spider $15 million to settle the matter. MGM did not cooperate, leading to a significant multi-day disruption of its technology systems throughout its network of domestic casinos.
Adding to those troubles were financial repercussions, such as a $100 million impact on MGM's earnings for the third quarter of 2023 and $10 million in non-recurring costs. The FBI advises ransomware victims against giving in to attackers, as paying them incentivizes these criminals to target additional businesses.
Airlines have not explicitly named Scattered Spider as responsible for crimes against them, but WestJet of Canada and Hawaiian Airlines faced recent cyberattacks, and Delta Airlines urged customers to change their passwords and other credentials.
Airlines Are Considered Reliable Targets
Similar to casino operators, airlines handle a large volume of highly sensitive customer information, including addresses, names, and numbers from government documents like driver's licenses or passports, among other details.
This is precisely the kind of information malicious groups like Scattered Spider seek to obtain, as businesses can face considerable reputational harm if they fail to stop cyber breaches and permit the exposure of customer data. Certain specialists think that if Scattered Spider is indeed targeting airlines, it simply represents a typical workday for the malicious individuals.
“Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their tactics, techniques, and procedures (TTPs),” according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
