In September 2025, a major ransomware attack targeted Collins Aerospace, a subsidiary of RTX, causing widespread disruptions across several European airports. The company’s Multi-User System Environment (MUSE) platform, which facilitates passenger check-in, baggage handling, and boarding operations, was compromised. This incident underscores the vulnerabilities that arise when critical aviation infrastructure relies heavily on interconnected digital systems.
The Attack and Its Impact
The breach occurred on the evening of September 19, 2025. ENISA, the European Union Agency for Cybersecurity, confirmed that the attack involved ransomware, though the specific entry vector has not been publicly disclosed and no phishing emails have been confirmed as the source. The ransomware encrypted key systems, rendering automated check-in kiosks, bag-drop machines, and boarding gates inoperable. Airports were forced to revert to manual operations, resulting in flight delays, cancellations, and considerable passenger inconvenience. Heathrow Airport, Brussels Airport, and Berlin Brandenburg Airport all experienced significant operational disruptions, with delays averaging over one hour and cancellations affecting numerous flights.
Investigation and Response
British authorities arrested a man in his 40s in West Sussex in connection with the attack, but the broader network or group responsible remains unidentified. Collins Aerospace has been working to restore systems, while airports continue to implement contingency protocols to mitigate further operational disruptions. The incident has sparked renewed discussion about the cybersecurity resilience of third-party vendors and the critical importance of preparedness in aviation systems.
Lessons for the Aviation Sector
The Collins Aerospace attack illustrates the profound risks posed by vulnerabilities in third-party software and the cascading effects these weaknesses can have on multiple organizations. It highlights the importance of maintaining robust cyber hygiene, including timely patching, employee training, and proactive threat monitoring. The incident also demonstrates the value of having well-tested incident response plans that allow organizations to continue essential operations even under duress. Tools such as SteelGaze, which provide AI-driven phishing and threat detection with explainable insights, can play a pivotal role in helping aviation organizations anticipate and prevent attacks before they escalate.
Conclusion
The events surrounding Collins Aerospace serve as a stark reminder that modern critical infrastructure is highly interconnected and increasingly susceptible to cyber threats. Aviation operators and related organizations must continuously assess and enhance their cybersecurity posture to protect against ransomware and other sophisticated attacks. Integrating advanced threat detection systems, improving staff awareness, and reinforcing operational resilience are essential steps for mitigating risk and ensuring the continuity of essential services in the aviation industry.