A suspected cyber-attack targeting a third-party software supplier has caused major flight cancellations and delays at several European airports over the weekend. London’s Heathrow Airport and terminals in Brussels, Berlin, and Dublin are among those that continue to be impacted by the incident. A US aerospace and defense leader, RTX, told the BBC that its Muse software was targeted by threat actors. The software helps airlines to digitally check in passengers, validate boarding passes, and tag baggage, enabling them to share desks and gates rather than requiring their own. As such, the outage forced some airlines at certain European airports to check in and board passengers by pen and paper.[1]
“Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in. We apologize to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate,” read a notice on the Heathrow Airport website on 22 September 2025. “We encourage passengers to check the status of their flight before travelling to Heathrow and to arrive no earlier than three hours for long-haul flights and two hours for short-haul.”
Brussels Airport posted a similar message on its website, but referred to the incident as a “cyber-attack” rather than an outage. It urged passengers to only come to the airport if their flight is confirmed and to check in online before arrival.
Javvad Malik, lead security awareness advocate at KnowBe4, argued that building cyber resilience requires a focus on people, process, and communications as much as security controls. “Air travel depends on shared systems, so a failure in a common check-in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds,” he added. “It's why it is important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding, and accessible contingencies, with cross-trained staff and basic tools ready.”
Charlotte Wilson, the head of enterprise business at Check Point, explained that attacks on aviation targets are increasing in frequency and intensity. “These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” she said. "To build resilience, aviation companies must take a layered approach: rigorously patching and updating software to close vulnerabilities, continuously monitoring for unusual activity that could indicate an intrusion, and implementing clear, well-tested backup systems that ensure airports and airlines can keep operating even if critical digital tools are knocked offline.” Improved information-sharing between governments, airlines, and technology providers is also vital to accelerate incident response across borders, Wilson argued.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a Notification and a Tier I Mitigation service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.infosecurity-magazine.com/news/airport-chaos-third-day-supply/
Comments