Exposing Scattered Spider: New Indicators Highlight Growing Threat to Enterprises and Aviation

Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise environments. Check Point Research has uncovered specific phishing domain indicators, helping enterprises and aviation companies proactively defend against this emerging threat.

Recent Aviation Attacks Linked to Scattered Spider

In a significant escalation, recent media reports and intelligence advisories have linked Scattered Spider to cyber-attacks on major airlines, notably the July 2025 data breach affecting six million Qantas customers. Cybersecurity analysts noted tactics such as MFA fatigue and voice phishing (vishing), closely matching Scattered Spider’s known methods. 

Similar incidents involving Hawaiian Airlines and WestJet have further highlighted the urgency of addressing vulnerabilities in aviation-related third-party providers. 

Key Targeting Indicators (Phishing Domains)

Check Point Research has identified a consistent pattern in the phishing infrastructure registered by Scattered Spider. These domains closely mimic legitimate corporate login portals and ...