A sophisticated cyberattack on Collins Aerospace has sent shockwaves through the aviation industry, causing widespread flight delays and cancellations across major European airports. The incident, which began late Friday night on September 19, 2025, has highlighted the critical vulnerabilities in our increasingly interconnected air travel infrastructure.
The Attack Unfolds
The disruption began late on Friday night, September 19, when attackers struck the systems of Collins Aerospace, a subsidiary of RTX (formerly Raytheon Technologies), interrupting automated passenger processing and forcing a switch to manual check-ins at affected airports. A cyberattack targeting check-in and boarding system provider Collins Aerospace has caused widespread delays and cancellations at several major airports across Europe, including London Heathrow, Brussels Airport, and Berlin Brandenburg.
The attack specifically targeted Collins Aerospace’s MUSE (Multi-User System Environment) software, which is crucial for automated passenger processing systems. Collins Aerospace, whose systems help passengers check themselves in, print boarding passes and bag tags and dispatch their luggage from a kiosk, cited a “cyber-related disruption” to its MUSE (Multi-User System Environment) software at “select airports.”
Immediate Impact on Operations
The cyberattack forced airports to abandon their digital systems and revert to manual processes, creating significant operational challenges. Brussels airport reported that the attack means that only manual check-in and boarding was possible there, while a cyberattack has crippled automated check-in and boarding systems at major European airports including Heathrow, Brussels, and Berlin.
RTX, Collins Aerospace’s parent company, said it was aware of a “cyber-related disruption” to the software at selected airports, without naming them. Heathrow Airport said it was among those affected. Brussels Airport and Berlin Airport were also affected, they said separately.
The company issued a statement acknowledging the incident: “We have become aware of a cyber-related disruption to our Muse software in select airports. We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible. The impact is limited to electronic customer” processing systems.
The Broader Security Context
This attack comes amid a concerning surge in aviation sector cybersecurity incidents. Attacks on the aviation sector have surged 600% from 2024 to 2025, exposing the risks of efficiency-driven but vulnerable models. The incident has exposed critical weaknesses in digital transport infrastructure, particularly regarding the aviation industry’s reliance on single suppliers for critical systems.
Historical Precedent: The 2023 BianLian Connection
Adding another layer of concern to this incident is Collins Aerospace’s previous encounter with cybercriminals. Collins Aerospace Systems, a unit of Raytheon Technologies is a provider in technology and solutions for the global aerospace and defense industry was previously targeted by the BianLian ransomware group in July 2023, with Leak Size 20GB of data allegedly compromised.
Several breach-tracking websites have previously said that Collins Aerospace was hit by ransom-seeking hackers in 2023. The company did not return a message seeking comment on those allegations or details about Saturday’s incident. While there is no confirmed direct link between the 2023 breach and the current incident, the overlap raises important questions about the long-term security implications of previous compromises.
The BianLian group is particularly noteworthy for its evolving tactics. BianLian group originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data; however, they shifted primarily to exfiltration-based extortion around January 2023 and shifted to exclusively exfiltration-based extortion around January 2024.
Critical Infrastructure Vulnerability
This incident underscores a fundamental vulnerability in modern aviation: the concentration of critical services among a small number of technology providers. Collins Aerospace serves as a vital technology backbone for numerous airlines and airports worldwide, making it an attractive target for cybercriminals seeking maximum impact.
The attack has demonstrated how a single point of failure can cascade across an entire transportation network, affecting thousands of passengers and highlighting the interconnected nature of modern aviation infrastructure.
Industry Response and Implications
The attack exposed key weaknesses in digital transport, highlighting how reliance on a single supplier can disrupt aviation. Experts call for stronger security measures across the industry. The incident serves as a wake-up call for aviation stakeholders to reassess their cybersecurity postures and supply chain vulnerabilities.
The timing and scale of this attack raise questions about whether this represents a new phase in cyber warfare targeting critical infrastructure. The aviation industry’s increasing digitization, while improving efficiency and passenger experience, has also expanded the attack surface available to malicious actors.
Looking Forward
As airports work to restore full automated operations, this incident will likely prompt significant discussions about cybersecurity resilience in the aviation sector. The challenge lies in balancing the efficiency gains from digital systems with the need for robust security and backup procedures.
Organizations across the aviation industry must now grapple with hard questions: How can critical infrastructure be better protected? What backup systems should be in place? And how can the industry reduce its vulnerability to single points of failure while maintaining the seamless travel experience passengers expect?
This cyberattack on Collins Aerospace serves as a stark reminder that in our interconnected world, a security breach at one company can ground flights across continents, affecting thousands of travelers and highlighting the critical importance of cybersecurity in maintaining the global transportation network that modern society depends upon.
Leave a comment