A cyberattack on Collins Aerospace is causing major disruptions at various European airports since Friday. The affected system, the MUSE software, plays an important role in passenger check-in and boarding. Several days on, no secure version is available, and details of the attack remain undisclosed.
Collins Aerospace is one of the largest suppliers in the aviation and defense industry. The company, which is part of RTX Corporation, supplies critical systems for both civil aviation and defense. Their portfolio includes avionics, communication and navigation systems, and mission systems for defense.
The attack targets a component for civil aviation, namely Collins Aerospace’s MUSE (Multi-User System Environment) software. This system is used for electronic check-in, baggage drop, boarding, and counter check-in at terminals.
Airports have switched to manual check-in and boarding procedures, on the vendor’s advice. This is causing significant delays and long queues. Passengers are advised to arrive early and check their flight status regularly.
Brussels Airport has announced that the external software supplier “is not yet able to deliver a new secure version of the check-in system.” The airport is trying to limit the impact as much as possible, but is experiencing the most disruption. This resulted in 25 canceled flights on Saturday and 50 on Sunday. The impact was greatest on Monday. The airport had requested that nearly 140 flights be canceled.
Uncertainty and speculation
There is still very little information about the attackers and the demands of this criminal gang. The attack on the software is causing difficulties at various airports, meaning that the attackers have certainly caused disruption. It is not officially known whether passengers’ personal data was also stolen. Some media outlets have reported this, but it has not been officially confirmed anywhere.
If these rumors are true, the attackers could have personal data from thousands of passengers in their possession. This data would include passengers’ personal details, full names, and dates of birth. This is sensitive information that the attackers would likely demand a high price for. The attackers could easily justify such a price: the unusability of the MUSE software. This results in enormous financial costs for the affected airports to operate without this software.
It is likely that the company will pay the ransom to secure this data. Two years ago, a group of hackers also managed to penetrate Collins Aerospace’s systems. The loot was pilot data, for which the company paid the ransom demanded to keep it secret. No official communication from the company about the incident followed.
In this case, Collins Aerospace appears to be following the same approach, with Collins Aerospace releasing as little information as possible. Collins Aerospace/RTX did confirm the incident as a “cyber-related disruption” and is working to restore full functionality. The remaining information gathered about the incident was generally obtained from the affected airports.
Global impact reveals vulnerability
In addition to Brussels Airport, other European airports are also experiencing problems. Heathrow in London, Berlin Brandenburg Airport, and Dublin are all reporting disruptions due to the same cyberattack.
The international impact underscores how vulnerable critical infrastructure can be when external service providers are affected. Because Collins Aerospace is a key supplier to airports and airlines worldwide, an attack on their systems causes chain reactions throughout the industry. The software is reportedly in use at around 100 airports, but not all of them are experiencing disruptions.
“Cybercriminals deliberately exploit aviation’s weakest point: its dependence on shared digital systems and external suppliers. When a single supplier is compromised, it can knock out dozens of airports and airlines in one fell swoop, causing flights to be canceled, passengers to be stranded, and chaos to ensue across borders,” says cybersecurity expert Zahier Madhar of Check Point Software in response to the news.
No solution yet
On Monday morning, Collins Aerospace announced that it is working with four affected airports and airlines on the latest updates to restore full functionality. An exact timeline for resolving the issues is not yet known. The attack has been disrupting the daily operations of several European airports for several days. Madhar explains why there is no solution yet: “Attackers know exactly when to strike. Weekends and holidays are prime targets because IT and security teams are less staffed, response times are longer, and the disruption inevitably carries over into Monday’s busy travel traffic.”
The attack on Collins Aerospace has demonstrated how vulnerable the daily operations of airports can be when support systems fail. Although much remains unclear about the perpetrators and the technical details, the impact on travelers and airports is clearly noticeable.
“Unless the aviation industry takes cybersecurity as seriously as physical security and operational continuity, the risk of large-scale disruptions will only increase. Just as no aircraft would ever take off without thorough safety checks, the industry must now apply the same principle to cyber resilience. Cybersecurity is no longer just an IT issue; it is essential to keeping passengers safe and planes flying,” Madhar concludes.
Also read: Connected from curb to gate at Harry Reid International Airport