Last Friday, September 19, 2025, a cyberattack aimed at the provider Collins Aerospace—key to airline check-in and boarding systems—generated one of the biggest recent crises in European aviation, affecting airports in Brussels, Heathrow (London) and Berlin-Brandenburg.

The fall of the Muse software, supplied by Collins Aerospace and recently chosen as an official NATO supplier, has forced it to operate all 'check-in' and boarding processes manually in the main affected terminals. The result: massive cancellation of flights—mainly in Brussels with half of the number of departures suspended and more than 35,000 passengers affected—as well as delays, long lines and redirection of airlines to other European airports.

As of the closing date of the weekend, companies and authorities warn that the alterations will persist and both the full scope and the authorship of the attack are still being investigated, which the first indications are related to possible ransomware without official confirmation by specific criminal groups.

How was the attack and what impact did it have?

Attack vector and operational reaction

  • The attack impacted Collins Aerospace, disrupting automated systems and forcing the manual management of check-in and baggage in real time.
  • The compromised systems allowed access to critical airport flow data and operations.
  • Up to 50% of scheduled flights in Brussels had to be canceled; at Heathrow and Berlin, although the main flights were able to depart, there were also delays, queues and detours.

Which airports and companies were affected?

  • Brussels-Zaventem: main victim with 44 departing flights and 28 arriving flights canceled between Saturday and Sunday.
  • London-Heathrow: minor incidents but with dozens of delayed or manual flights.
  • Berlin-Brandenburg: delays, manual management, but without critical impact on operational safety.
  • European network: effects on connections to Dublin, Cork and potentially other centralized airports, although the biggest impact occurred in Belgium.

Security and Critical Infrastructure: Why This Incident Matters

  • Collins Aerospace had signed a strategic contract with NATO for cyber defense operations days earlier, coinciding with geopolitical tensions in Eastern Europe.
  • The use of ransomware on essential infrastructures shows the increasing sophistication and dangerousness of criminal actors; the attack illustrates the deep dependence of commercial aviation on external digital solutions.
  • Although customer data has not been leaked or there is a direct impact on aviation safety, experts warn that these interruptions have a ripple effect for connections, crews and chain operations, calling for urgent investments in resilience and segmentation of critical systems.

Practical recommendations for airports and companies in the sector

Immediate and medium-term best practices

  • Update and segmentation from networks of external providers of critical services (such as billing, doors, baggage management).
  • Response simulations and continuous review of contingency manuals to maintain safe and agile manual operations.
  • Regular auditing and pentesting of infrastructures and suppliers, especially after new contracts or NATO/Defense integrations.
  • MFA and segmented traffic: implement multifactor authentication and strict control of remote access to mission-critical systems.
  • Social engineering training: enhance staff training by operating mixed systems and receiving incidents in real time.

🛡️ Perform a comprehensive cybersecurity audit with Apolo Cybersecurity and anticipate vulnerabilities before they become a national emergency

The crisis experienced in Brussels, London and Berlin marks a before and after in the perception of cyber risk in European air transport. The incident underscores the urgency of active collaboration between airport operators and technology providers, as well as the importance of auditing not only our own systems, but those of all the key players in the chain.

Is your organization prepared to respond to a cyberattack that paralyzes critical operations and causes millions of dollars in losses?

Prev Post
Next Post

Any questions?
We're happy to help!

CONTACT US TODAY!
info@apolocybersecurity.com
Data Controller: Apolo Analytics SL
Purpose: To process your request and respond to your message.
Legal Basis: Consent of the interested party upon submitting the form.
Recipients: Data will not be transferred to third parties, except under legal obligation.
Rights: You may exercise your rights of access, rectification, and deletion, among others, by sending an email to secretaria@apolocybersecurity.Com.
Additionall information: You can view the full information on our Privacy Policy.

Thank you!

Your message has been successfully received.
Oops! Something went wrong when submitting the form.
We are waiting for you!
Schedule a call
Project photo
send us an email
Project photo
+34 937948378
Project photo
Carrer de Sant Joan de la Salle 42, Barcelona, spain
Project photo
FAQScontactTERMS AND CONDITIONSWork with Us
Accelerated by:
Certifications:
Light Eyes is part of Apolo Cybersecurity
LEGAL NOTICEPRIVACY POLICYCookies
Privacy Settings
Copyright © 2025 Apollo Cybersecurity