FBI Sounds Alarm As Airline Cyber Threats Escalate

Less than a year after the spectacular cyber-triggered shutdown of Sea-Tac Airport, the FBI has issued an urgent and chilling new warning. On June 27, 2025, the agency declared that America’s airlines are under attack. Not from hijackers with boxcutters, but from cybercriminals with keyboards. And the timing is no coincidence. With global tensions escalating, the possibility of a devastating cyber event in aviation is no longer a remote risk. It is a real threat that must now be part of our national security calculus.

As former White House cyber advisor Tom Kellermann warned, “The cyber 9/11 is coming.”

Meet “Scattered Spider”

This warning was not buried in bureaucratic language or a quiet bulletin. It was issued plainly, publicly and with urgency. The FBI confirmed that Scattered Spider, one of the most dangerous and sophisticated cybercrime gangs operating today, is now targeting the airline industry. This group, already infamous for crippling MGM Resorts and Caesars Entertainment, has pivoted its tactics toward aviation.

Their strategy is simple and sinister. By impersonating airline employees or IT contractors, they trick help desks into bypassing multi-factor authentication. Once inside, they exfiltrate data and deploy ransomware across critical systems. According to Google’s Mandiant division, Scattered Spider excels at persistence, lateral movement and rapid escalation. “They can detonate ransomware within hours of breach,” said Mandiant CTO Charles Carmakal.

The Stakes Could Not Be Higher

This is not a drill. Over the past 60 days, a disturbing pattern has emerged:

• WestJet in Canada confirmed a cyberattack that disrupted internal systems and its mobile app
• Hawaiian Airlines reported a breach affecting non-critical IT operations
• Qantas disclosed that the personal data of over six million passengers was accessed in a call center platform breach

All of this comes on the heels of the August 2024 ransomware attack on Sea-Tac Airport, which forced port officials to disconnect critical systems, stranding nearly 1,400 passengers.

Let’s be clear. This is not about delayed boarding passes or missing loyalty points. Today’s air travel depends on deeply interconnected digital systems. Reservation systems, crew scheduling, maintenance tracking, flight planning and air traffic communication are all vulnerable. A breach in any one of them can ripple outward and cause catastrophic disruption.

What the FBI is signaling is a shift from isolated data theft to coordinated campaigns targeting aviation infrastructure. And Scattered Spider may just be the beginning. Experts warn that nation-state actors like China, Iran, Russia and North Korea are observing, learning and potentially preparing to strike. More importantly, non-state actors affiliated with Al Qaeda and ISIS, the same groups responsible for the 9/11 attacks, are undoubtedly watching as well. They have long viewed aviation as both a symbolic and strategic target and the rise of digital vulnerabilities gives them new avenues to exploit.

Could Terrorists Hijack A Plane Through Code

That is the question no one wants to ask aloud. While no attack to date has compromised flight-critical avionics, security researchers have demonstrated that aircraft systems could be targeted through satellite links, Wi-Fi networks, or compromised ground systems.

Modern planes are flying data centers. The same technologies that enable efficiency and automation such as real-time telemetry, remote diagnostics and automated cockpit integrations can also become potential attack surfaces. A hacked flight planning system or corrupted weather feed could ground planes or worse.

As cybersecurity strategist Theresa Payton put it, “The future of warfare will be about disrupting trust and sowing chaos in the systems we rely on every day. Aviation is right at the top of that list.”

Sea-Tac was a wake-up call. But what happens when a coordinated cyberattack strikes multiple major airports or airlines at once? For a chilling preview, watch the dystopian film Leave the World Behind, starring Julia Roberts and produced by former President Barack Obama and former First Lady Michelle Obama. In the story, a wave of cyberattacks collapses infrastructure, sparks global conflict and pushes civilization to the edge. It is fiction, but it is not far-fetched. The breadcrumbs are there and the warnings are real.

History Is Warning Us

This is not the first time the aviation industry has been tested:

• In 2015, hackers grounded 1,400 passengers in Warsaw by crashing LOT Airlines’ flight plan system
• In 2018, British Airways and Cathay Pacific suffered breaches exposing hundreds of thousands of passenger records
• In 2020, EasyJet disclosed that data on nine million customers had been compromised
• In 2024, Sea-Tac’s ransomware event shut down critical airport functions for days

Every one of these incidents revealed cracks in the aviation system. And each time, the industry promised reforms. But promises do not stop payloads. The adversary is better funded, more persistent and more creative than ever.

Six Actions That Must Be Done Now

The time for incremental fixes is over. The aviation industry must act boldly and immediately across six critical areas:

1. Redesign Identity Verification Processes: Most breaches begin with social engineering. Airlines must implement zero-trust architectures, verify identity through multiple independent channels and eliminate single points of failure. Help desks must be trained to recognize manipulation and resist pressure tactics.
2. Secure The Entire Ecosystem: The FBI’s warning was not limited to airlines. Vendors, contractors, call centers and outsourced IT firms are all part of the threat surface. Every third party must be held to the same standard. Require them to meet strict cybersecurity protocols, report breaches promptly and enforce robust multi-factor authentication.
3. Adopt And Enforce CMMC-Level Standards Across The Industry: Aviation is already considered critical infrastructure and must be treated accordingly. The industry should proactively adopt the Cybersecurity Maturity Model Certification framework and require its implementation across all airline systems and supplier networks. The airline industry has long been a global model for standardization, from flight safety to maintenance. This is your digital preflight checklist. Make it mandatory.
4. Segment And Harden Core Infrastructure: Critical flight systems must be isolated from public-facing applications. Outdated or vulnerable platforms should be patched, upgraded or retired. Emergency response plans must be tested and drilled with the same rigor as inflight safety protocols. Assume failure, then build resilience.
5. Report And Share Intelligence In Real Time: Silence helps the enemy. Airlines must embrace a culture of transparency, sharing threat intelligence in real time with FAA, TSA and CISA. The only way to outpace the attackers is through collective defense and constant communication.
6. Fund Cyber Resilience Like Safety: Cybersecurity is not just an IT function. It is national infrastructure defense. Boards, regulators and investors must fund cyber programs with the same urgency as they fund runway repairs or flight safety. Every dollar spent on digital defense is a dollar that protects passengers, preserves trust and prevents the next crisis.

Final Approach

The consequences are no longer theoretical. Without immediate action, we risk:

• Systemwide outages that ground fleets
• Breaches that expose millions of passengers
• An erosion of trust in the safety of air travel
• And in the worst case, a cyber-induced mass casualty event

That last scenario may sound extreme. But there was a time when hijacking four commercial aircraft and flying them into American landmarks was unthinkable too.

We are entering an era where a few lines of malicious code can do what bombs and bullets once did. This is not science fiction. It is the next frontier of terrorism and organized crime. As we remember those lost on 9/11, we must not forget the lesson of that day. Complacency is the co-pilot of catastrophe. The FBI is warning us. Breaches are happening. The time to act is now.