Hawaiian Airlines Hit by Cyberattack

Red Dog Security

02 Jul 2025 — 2 min read

Hawaiian Airlines, one of the ten largest commercial airlines in the United States, is investigating a cyberattack that disrupted access to parts of its IT infrastructure. While flight operations remain unaffected, cybersecurity experts suspect that the notorious Scattered Spider hacking group may be behind the incident.

In an official statement, the airline confirmed that flight safety was never compromised and that relevant authorities have been notified. Hawaiian Airlines has engaged external cybersecurity firms to assess the situation and assist with restoring affected systems.

“Hawaiian Airlines is addressing a cybersecurity issue that affected certain IT systems. Our top priority is the safety of our customers and employees. We have taken steps to secure operations, and all flights are operating normally with safety measures in place,” the airline said in a public update.

A banner posted on the airline’s website assures customers that flights continue to operate as scheduled. A similar notice has appeared on Alaska Airlines’ website—reflecting its ownership of Hawaiian Airlines following their acquisition last year.

Key Details So Far

It is unclear whether the incident involved ransomware encryption or if Hawaiian took systems offline proactively as a containment measure.
No hacking group has claimed responsibility, but industry analysts are watching for attribution.
The breach bears similarities to a recent attack on Canadian airline WestJet, which disrupted its website and mobile app earlier this month.

FBI: Scattered Spider Targeting Aviation

Over the weekend, a joint advisory from the FBI, Google Mandiant, and Palo Alto Networks warned that Scattered Spider may now be focusing its attacks on the aviation and transportation sectors. Known for its sophisticated social engineering tactics, the group often uses phishing, SIM-swapping, and third-party vendor access to infiltrate targets.

According to Axios, the WestJet breach may also be linked to Scattered Spider, further raising concerns about an ongoing campaign against North American airlines.

What’s Next?

Hawaiian Airlines says its investigation is ongoing, with assistance from federal and private cybersecurity teams. The airline is continuing to monitor for signs of deeper compromise, while agencies assess whether this is part of a larger trend of aviation sector attacks.

In the meantime, travelers are advised to:

Remain alert for phishing emails or SMS scams
Confirm flight details via official airline channels
Continue traveling as scheduled, as no flight delays or cancellations have been reported

352 Android Apps Infected with IconAds Adware

Security researchers at Human Security have uncovered a massive ad fraud operation dubbed IconAds, involving 352 malicious Android apps previously available on the Google Play Store. At its peak, the campaign generated over 1.2 billion ad requests per day, primarily targeting users in Brazil, Mexico, and the United States.

AI Chatbots Like ChatGPT Are Providing Fake URLs for Major Companies

Cybersecurity analysts at Netcraft have uncovered a troubling trend: AI chatbots frequently generate incorrect or misleading URLs when asked to provide official website links for major brands. According to researchers, this flaw opens a dangerous new vector for phishing and domain hijacking attacks. Key Findings from Netcraft’s Study The

Hackers Leak Allegedly Stolen Telefónica Data

A hacker is threatening to release 106 GB of data allegedly stolen from Spanish telecommunications giant Telefónica, though the company firmly denies any recent breach or data compromise. The threat actor, operating under the alias “Rey,” claims the intrusion occurred on May 30, during which over 12 hours of data

.es Domains Become 19 Times More Popular Among Phishers

Cybersecurity researchers at Cofense report a dramatic rise in phishing campaigns leveraging .es domains, which are officially reserved for Spanish-language websites or entities based in Spain. The use of these domains by cybercriminals has surged 19-fold since the beginning of 2025, making .es the third most exploited top-level domain (TLD)