This is gold. It shows exactly why proactive monitoring matters — and why we’re pushing for stronger security across the board.
— Managing Director
Introduction
In June 2025, a company in the aviation industry faced a planned phishing campaign targeting two internal user accounts. The attack happened within minutes and formed part of a broader attempt to bypass multi-factor authentication (MFA). For companies managing high-value aviation assets and complex global partnerships, the stakes are significant: a single breach could expose operational communications, partner contracts, financial data, and maintenance or records documentation, risking delays to aircraft transitions, schedule disruption, penalties, and reputational damage.
The aviation sector is highly regulated and time-critical. Cybercriminals increasingly exploit these pressures with convincing social engineering lures and MFA bypass techniques that align access attempts with user behaviour. This case study shows how early detection and rapid response neutralised the threat before it escalated—protecting continuity, confidentiality, and trust.
Challenge
A phishing campaign targeted two separate internal accounts: one in human resources and one in fleet operations. In one case, the user received an email from a compromised external source and clicked on a malicious link. In the other, the user recognised the email as suspicious and did not engage. The attackers attempted to exploit text-based MFA to gain unauthorised access, posing a serious risk to sensitive data and operational workflows. The challenge lay not only in the timing and planning of the attacks but also in their sophistication. The attackers used real-looking emails and timed their access attempts to coincide with user interaction, making detection more difficult without advanced monitoring tools.
Solution
Huntress flagged unusual sign-in activity within minutes of the attackers’ attempts. Notably, the alert for the fleet account was triggered even before the HR account’s link was clicked, confirming that both incidents were part of the same campaign.
The response timeline was swift and precise:
- Huntress logged the incident at 08:25 AM.
- The team assigned and acted upon the alert within 23 minutes.
- Then, the team cancelled sessions, reset passwords, and removed MFA methods before attackers could regain access.
- Finally, the team issued temporary credentials to restore user access securely.
This quick response ensured that the attackers were locked out before any data could be accessed or stolen.
Results
- Both incidents were fully contained within 30 minutes.
- No data was accessed or compromised.
- The attackers failed to sign back in after containment.
- Business operations continued without disruption.
- The client gained renewed confidence in their layered security approach and the value of real-time threat detection.
Written by: Jolene Oelofse – Marketing Lead, Hybrid Technology Partners
Jolene leads Hybrid TP’s content strategy, translating complex IT and cybersecurity topics into practical insights for Irish SMEs. She collaborates closely with the technical team and Managing Director Paul Browne to ensure every article reflects real-world accuracy and business value.