- Hawaiian Airlines presents an 8-K form with the SEC
- Claims to have observed an attack, but did not affect flights or their safety
- Security researchers believe that the attack was made by a scattered spider
Hawaiian Airlines has said that he recently suffered a cyber attack, but emphasized that the incident did not affect any flight.
In a new 8-K form presented to the US stock and values commission. UU. (SEC), the airline said it identified a “security incident that affects certain information technology systems”, on June 23, 2025.
The company responded “taking measures to safeguard operations and systems”, bringing external cybersecurity experts to investigate the attack and notify the relevant authorities about the incident.
Scattered spider fingerprints
At that time other details are unknown, but security experts and the media are speculating that this could have been Spatrtred Spider’s work, a piracy collective that has been aimed at retail with headquarters in the United States lately.
In fact, Charles Carmakal, the Google Consulting Consulting Safety Research Arm, told The registration This attack “carries the distinctive seal” of that threat actor in particular.
“Mandiant is aware of multiple incidents in the airline and the transport sector that resemble the operations of UNC3944 or a scattered spider. We are still working on the attribution and analysis, but given the habit of this actor to focus on a single sector, we suggest that the industry takes immediate measures to harden the systems,” said Carmakal.
“The tactics, techniques and central procedures of the actor have been consistent. This means that organizations can take proactive measures such as training their staff of the help table to enforce the solid identity verification processes and implement MFA resistant to phishing to defend against these intrusions. Additional advice can be found in our previous hardening guide.”
Hawaiian adds that their flights work safely and according to the schedule.
“The company has not yet determined whether it is reasonably likely that the incident materially affects the financial condition or the results of the company’s operations,” the presentation concluded.
Since the company did not eliminate its network, it is sure to assume that this was not a ransomware attack, but these details could be known in the coming weeks.
