One Vendor, Many Airports: Collins Aerospace Hack Ripples Across Europe

On September 20, 2025, a major cyberattack severely disrupted air travel across key European airports, including Heathrow (London), Brussels, and Berlin Brandenburg. The attack targeted Collins Aerospace, a U.S.-based aviation technology vendor responsible for check-in and boarding systems used by multiple airlines globally. The disruption forced airports to revert to manual operations, causing widespread flight delays, cancellations, and logistical chaos across Europe.

Severity: High

Incident Overview

Attack timeline: The attack took place on the evening of Friday, September 19, and its effects were first noticed on Saturday morning, September 20.
Target: The attack focused on the Multi-User System Environment (MUSE) software provided by Collins Aerospace, a subsidiary of RTX (formerly Raytheon Technologies). The MUSE platform is used by multiple airlines across airports to manage electronic check-in, baggage drops, and boarding processes.

Details Of The Cyberattack:

• While Collins Aerospace described the incident as a “cyber-related disruption,” Brussels Airport explicitly called it a “cyber-attack”.
• Cybersecurity experts believe the attackers likely exploited the supply chain, as these third-party platforms are used by numerous airlines and airports simultaneously.
• As of September 20, no official information has been released regarding the nature, origin, or perpetrator of the attack.
• The UK’s National Cyber Security Centre (NCSC) stated it was working with Collins Aerospace, affected UK airports, the Department for Transport, and law enforcement to understand the full impact.

Operational And Industry Impact

Shift to manual operations: The system outage forced airports to revert to manual processing of passengers, which caused extensive delays and created bottlenecks.

Severity of Disruption Varied:

• Brussels Airport: Reported 10 flight cancellations and multiple flights delayed by over an hour. The airport explicitly linked the issue to a cyberattack.
• Heathrow Airport: Acknowledged the issue with Collins Aerospace but said the disruption was “minimal” and did not cause flight cancellations directly. The airport deployed extra staff and advised passengers to check their flight status.
• Berlin Brandenburg Airport: Reported longer wait times and stated the problem was with a “system provider operating across Europe”.
• Unaffected:
  • Other major hubs, like Paris’s Charles de Gaulle and Orly, and Frankfurt and Zurich, were not affected.
  • Some carriers, such as Delta Air Lines and United Airlines, had workarounds to minimize disruption, while budget carrier EasyJet reported no effect on its operations. Air India issued an advisory for its passengers flying from London, suggesting they complete web check-in beforehand.

Broader Implications And Future Outlook

Rethinking aviation security: The incident is expected to pressure regulators and industry leaders to reassess cybersecurity protocols for critical infrastructure. Experts like Charlotte Wilson of Check Point have urged stronger collaboration between governments, airlines, and technology providers.

Supply chain vulnerabilities: The attack highlights the risks of relying on a few major third-party vendors for critical systems. Supply chain attacks have become an increasingly common tactic for threat actors.

Industry vigilance: The aviation sector has been targeted by ransomware attacks with increasing frequency in recent years. This incident serves as a significant reminder of the ongoing threat and the need for robust cyber-resilience.

Source:

• https://www.brusselsairport.be/nl/passengers/infopage/difficult-airport-operations
• https://www.ncsc.gov.uk/news/collins-aerospace-incident
• https://www.linkedin.com/pulse/major-cyberattack-disrupts-european-airports-the-cyber-security-hub-5sqpe/

Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn

No related posts found.