There have been 10 major cyberattacks on aviation in 2025 already: How can the industry protect itself?

From data breaches to ransomware and DDoS attacks, 2025 exposed serious cybersecurity threats facing aviation companies and organisations.

So far this year, the aviation industry has faced a rise in cyberattacks, ranging from hacktivist-led DDoS campaigns to data breaches affecting millions of passengers. 

The 10 most significant cyber incidents, as reported by SOCRadar, impacted airlines, airports, and other organisations. Each exposed vulnerabilities in the industry’s interconnected systems.

“Aerospace organisations are attractive targets because of their operational complexity and high sensitivity to downtime,” Sam Rubin, SVP, Consulting and Threat Intelligence at Unit 42 for Palo Alto Networks, tells AGN.

“Attackers understand that even brief disruptions can have far-reaching consequences—financial, logistical, and reputational. This urgency often pressures companies to act quickly, making them more vulnerable to ransom demands.”

1. Qantas Airways data breach – 5.7 million customers exposed (June–July 2025)

Country: Australia
Threat Actor: Scattered Spider (suspected)
What Happened:
An attack on a third-party platform tied to a Qantas contact centre compromised the personal information of 5.7 million passengers. The records contained frequent flyer data, email addresses, and contact information, but not payment or passport details. 

The breach drew attention to third-party and ‘social engineering’ risks. Social engineering involves manipulating people into sharing information, downloading software, or visiting websites that compromise organisational security. 

2. Los Angeles International Airport DDoS attack (March 2025)

Country: United States
Threat Actor: Dark Storm Team (pro-Palestinian hacktivist group)
What Happened:
A massive DDoS attack disrupted flight information displays, baggage handling, and check-in systems at LAX. Although no flights were cancelled, the attack caused flight delays and passenger confusion. 

3. Kuala Lumpur International Airport ransomware attack (March 2025)

Country: Malaysia
Threat Actor: Qilin ransomware group (claimed)
What Happened:
A ransomware attack severely impacted KLIA operations, taking down systems for over 10 hours. The attackers claimed to have stolen 2TB of data and demanded $10 million in ransom. While manual workarounds kept flights moving, the incident triggered a nationwide cybersecurity response.

4. WestJet Airlines IT intrusion (June 2025)

Country: Canada
Threat Actor: Scattered Spider (suspected)
What Happened:
An attack on parts of WestJet’s digital infrastructure affected its mobile app and internal systems. The airline avoided flight disruptions but warned of ongoing service instability. As with Qantas, the attack may have involved social engineering.

5. Hawaiian Airlines cyber incident (June 2025)

Country: United States
Threat Actor: Scattered Spider (suspected)
What Happened:
A cybersecurity incident affected the airline’s internal systems and communications. Although the breach did not expose customer data, staff had to find other ways to communicate to keep operations going.

6. ICAO recruitment platform breach (January 2025)

Organisation: International Civil Aviation Organisation (UN agency)
Threat Actor: “Natohub”
What Happened:
A breach of ICAO’s recruitment system exposed data for nearly 12,000 applicants. The attack didn’t affect operational systems but raised alarms over security at aviation’s top regulatory bodies.

7. Milan Bergamo Airport website offline after DDoS attack (April 2025)

Country: Italy
Threat Actor: Noname057(16) (pro-Russia hacktivist group)
What Happened:
A coordinated DDoS campaign took down the airport’s website, disrupting public access. The attack was part of a larger ideological campaign by Russian-aligned actors targeting EU infrastructure.

8. United Airlines alleged SMS leak on the dark web (June 2025)

Country: United States
Threat Actor: “Machine1337” (unverified)
What Happened:
A hacker allegedly released 272 million SMS records linked to United Airlines. However, the messages appeared to be test data labelled “FakeDLR.” That called into question the legitimacy of the hacker’s claims, but still showed United is a target.

9. Attempted DDoS attack on Atlanta Hartsfield-Jackson (March 2025)

Country: United States
Threat Actor: Unknown
What Happened:
An attempted DDoS attack temporarily disrupted ATL airport operations. Core operations were unaffected, and the airport’s IT responded quickly to avoid a more serious impact. The incident underscored the importance of strong DDoS defences.

10. Unauthorised VPN access sale targeting a US aviation company (ongoing)

Country: United States
Threat Actor: Unknown (Dark Web listing)
What Happened:
A dark web post advertised VPN access to an American aviation company with $93M in annual revenue. Though unconfirmed, such access could enable data theft, lateral movement, and ransomware attacks, posing a serious risk to backend infrastructure.

Industry-wide ‘access sale’ listings on the dark web

SOCRadar flagged numerous alleged access sales related to airlines and aviation vendors. While not always verifiable, the trend points to a thriving underground market for compromised aviation credentials and system access.

“Unit 42 has responded to a wave of high-impact attacks this year—not only in aerospace, but across financial services, telecom, retail, and insurance,” Rubin says. 

How aviation can prepare for more cyberattacks

The incidents from 2025 confirm that the aviation industry is a significant target for hackers. The scale, speed, and sophistication of cyberattacks are growing, whether they are politically or financially motivated. 

Cyber experts warn that airlines, airports, and regulatory bodies must adopt zero-trust strategies, train staff on cyber hygiene, and invest in real-time monitoring and response capabilities. 

“The most effective step companies can take is to strengthen their people defences,” says Rubin. “This means clearly defined identity verification procedures, regular training, and empowering employees and support teams to recognise and report suspicious activity.”

SITA’s 2024 Air Transport IT Insights report shows that enhanced cybersecurity is the top investment priority for airlines. The investment has primarily focused on creating a security operations centre (SOC), with 87% of airlines reporting an implementation.

Airlines have turned to artificial intelligence/machine learning for threat detection and analysis, with 81% implementing this technology. Airports have also made cybersecurity a priority, with 80% reporting it as their most significant IT spending. 

Bad actors will continue to search for the weakest link in aviation, and that is often human. 

“Building awareness and tightening processes can go a long way in preventing these types of attacks,” Rubin says.
