The FBI’s latest warning reveals an ongoing – and potentially dangerous – operation by a known group of cyber criminals.

In an alert issued last week, the FBI said the group Scattered Spiral has expanded its efforts to target the airline sector. Similar warnings were issued by tech companies Google and Palo Alto Networks.

“The FBI is actively working with aviation and industry partners to address this activity and assist victims. Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise. If you suspect your organization has been targeted, please contact your local FBI office,” the agency said in a statement.

Scattered Spider targets IT help desks

Scattered Spider’s most recent efforts include cyber criminals using social engineering techniques such as impersonating employees or contractors to deceive airline IT help desks into granting them access. The techniques often involve methods to bypass security measures such as multi-factor authentication and convincing airline staff to add unauthorized MFA devices to compromised accounts.

Once they get access, Scattered Spider criminals steal sensitive data for extortion and often employ ransomware. It is unclear if the operations jeopardize airport safety.

The scheme targets large corporations and third-party IT providers, opening up any business that works with an airline, including trusted vendors and contractors, the FBI said.

The criminal gang is no stranger to the FBI.

In 2023, Scattered Spider was blamed for hacking both MGM Resorts and Caesars Entertainment within a week of each other,” Business Insider reported.