On September 19, 2025, Collins Aerospace, a subsidiary of RTX Corporation, was hit by a cyberattack that targeted its MUSE (Multi-User System Environment / vMUSE) software. This system is widely used by airports across Europe for check-in, baggage drop, and boarding operations. The attack caused massive disruption, leaving thousands of passengers facing delays, cancellations, and confusion as airports scrambled to keep operations running.
What Happened
The cyberattack created a major disruption in the MUSE platform, knocking out digital systems used by airlines and airports for critical passenger services. Airports were forced to revert to manual procedures, including handwritten boarding passes and staff manually processing baggage. While emergency workarounds kept planes moving, many flights were delayed, and others were canceled altogether. The attack exposed just how vulnerable global aviation has become to technology failures and cyber incidents.
Impacted Airports
The disruption hit several major airports, with Heathrow in London, Berlin Brandenburg, Brussels, and Dublin among the most affected.
- Brussels Airport saw dozens of flight cancellations and hundreds of delays.
- Berlin Brandenburg faced long queues and incomplete baggage processing.
- Heathrow reported widespread delays, with most flights experiencing setbacks of more than 30 minutes.
- Dublin and Cork also reported disruptions, though to a smaller scale.
Passengers were left frustrated as airlines struggled to communicate updates and manage the growing backlog of travelers.
Ransomware Suspected
Experts believe the attack was triggered by ransomware. Early analysis points toward the HardBit ransomware strain, known for encrypting files and demanding payment from victims. The European Union Agency for Cybersecurity classified the incident as ransomware in nature. Investigators have not confirmed whether passenger data was stolen, but the possibility of data exfiltration is being examined.
Response and Investigation
Collins Aerospace is working around the clock to restore its systems and prevent further spread. Law enforcement agencies across Europe are involved, with the UK police already arresting a suspect connected to the incident. Investigations are ongoing, but the origin of the attack whether criminal syndicates or state-backed actors remains unclear.
Lessons for Aviation
The incident highlights the risks of heavy reliance on shared digital systems in aviation. When one vendor is compromised, the disruption spreads across multiple countries. It also underscores the need for stronger supply chain security, redundant backup systems, and stricter regulatory oversight. With aviation now a prime target for cybercriminals, airports and airlines worldwide are expected to step up their cybersecurity measures.
