Cyberattacks Disrupted Flights Across Europe

By Mejreme Asllani | 11 October 2025

Summary

• A sophisticated cyberattack on 19 September 2025 targeting Collins Aerospace’s widely used MUSE software caused significant operational disruption at major European airports by disabling automated passenger check-in systems.

• The incident exposes the acute systemic vulnerability of the interconnected aviation ecosystem, demonstrating how a single-point failure in the software supply chain can lead to severe and widespread consequences.

• In the near term, a continued wave of opportunistic attacks is highly likely, which will accelerate regulatory pressure for mandatory cybersecurity standards and drive long-term investment in advanced defensive technologies like AI.

Context

On 19 September 2025, a major cyberattack caused widespread disruption across several of Europe's busiest airports, including Heathrow, Brussels, Berlin and Dublin. The cyberattack is believed to be a ransomware strike, a type of malicious software that encrypts data and demands payment for its release, targeting an IT supplier, Collins Aerospace, a US-based technology firm that provides the widely used MUSE (Multi-User System Environment) software for passenger check-in and boarding. The European Union Agency for Cybersecurity (ENISA) later confirmed the attack involved ransomware. The attack forced airports to revert to manual check-in and boarding procedures, leading to extensive flight delays, cancellations, and passenger turmoil over a period of several days. This event serves as the most extreme example to date of an escalating pattern of cyber threats against critical European infrastructure, underscoring the inherent risks in the sector's reliance on a severely limited number of specialised third-party technology providers. These attacks starkly illustrate the sector as a prime geopolitical and financial target, a vulnerability that has underpinned a hostile landscape where such cyberattacks have skyrocketed by 600% in a single year.

The Evolving Threat Landscape

Cyber attacks deliberately targeting Europe’s critical infrastructure (Chart 1) are escalating in sophistication and frequency, a trend starkly illustrated by the recent cyberattack at Collins Aerospace below. The aviation sector has experienced a spectrum of cyberattacks globally, ranging from the disruptive DDoS campaigns to data breaches and ransomware. This trend of cyberattacks is evident globally. In 2025 alone, cyber incidents have disrupted over ten major aviation entities. These range from attacks on airlines such as American and Hawaiian Airlines to disruptions at airports across the US, Canada, France, Italy, Malaysia and Australia. These recent events follow a clear pattern of sustained attacks, including hacktivist DDoS campaigns on German (2023) and Danish airport websites (2023-24), a significant data breach at Japan Airlines (December 2024), and increasingly common and damaging supply-chain intrusions.

EU Critical Infrastructure Sectors Targeted / EuRePoc

This assault on aviation mirrors a broader campaign against all European critical infrastructure. For example, the 2022 Russian cyberattack on the Viasat satellite network, occurring just before the invasion of Ukraine, crippled vital satellite communications for energy grids. Separately, widespread ransomware attacks severely disrupted logistics and port operations at major European states, including Germany, France, Greece, Hungary, Poland and Italy. The threat extends beyond the digital realm. Physical incursions are also a growing concern. For instance, Copenhagen Airport was recently forced to suspend air traffic due to unidentified drone activity in its airspace, while similar drone sightings have been reported near Munich and Frankfurt Airports.

While some attacks have been claimed by known pro-Russian hacktivist groups ‘KillNet’ and NoName57(16), attribution remains a significant challenge. Threat actors, whether state-sponsored or criminally motivated, are adept at concealing their origins using a veil of complex proxies and false flags. This fundamental uncertainty about the adversary’s identity and intent significantly magnifies the consequences of an attack, ensuring they extend far beyond the immediate technical failure. 

Strategic Implications

These cyberattacks have major repercussions across critical operational, economic, security and political domains, impacting stakeholders at every level, from individual passengers to national governments. The most immediate and visible impact is severe operational disruption. The sudden inability to use automated systems created a logistical bottleneck, overwhelming staff and causing delays and cancellations that rippled across Europe's busiest airports, such as London Heathrow, Brussels, and Berlin. This system paralysis left passengers unable to access real-time flight information, resulting in confusion and chaos throughout terminals. 

This operational chaos had direct, significant economic consequences. Airlines and airports face direct losses from cancelled flights, the costs of compensating stranded passengers, and increased staffing expenses. Moreover, the reputational damage erodes long-term consumer confidence, potentially affecting future bookings. 

Beyond the immediate disruption, these attacks, whether sophisticated ransomware or Distributed Denial of Service (DDoS) attacks, expose profound security vulnerabilities within the aviation ecosystem. Such incidents serve as proof of dangerous examples for malicious actors, creating a playbook to probe for weaknesses that could be exploited in future, more catastrophic attacks targeting air traffic control or flight safety systems. Furthermore, the potential for data exfiltration during a ransomware attack raises concerns about the security of sensitive passenger data, which could lead to significant regulatory fines under GDPR. Ultimately, the passengers face a twofold erosion of trust: in the sector’s ability to ensure their physical safety and to safeguard their personal information.

On a political level, persistent cyberattacks on critical infrastructure place immense pressure on national governments and EU-level bodies to formulate a decisive response. These cyberattacks will accelerate discussions around mandatory cybersecurity standards for critical infrastructure and its supply chains. It starkly highlights gaps in regulation and oversight, prompting calls for greater intelligence sharing and collaborative defence mechanisms across Europe, as advocated by the World Economic Forum (WEF). 

Forecast

• Short-term (Now - 3 months)

  • It is highly likely that a dual wave of attacks will persist, combining opportunistic, low-sophistication DDoS campaigns with more targeted ransomware attacks to exploit the current disruption. 

  • It is likely that airports will be forced to increase investment in cyber resilience, increasing investment in specific mitigation services and conducting urgent reviews of incident response plans.

• Medium-term (3-12 months)

  • It is likely that threat actors will intensify their focus on the supply chain, using third-party vendors as the primary vector for intrusion.

  • It is very likely that regulatory pressure will increase, compelling mandatory and more stringent cybersecurity audits for all critical suppliers.

• Long-term (>1 year)

  • It is possible that sophisticated threat actors, having identified critical weaknesses, will attempt to target more sensitive aviation systems, such as baggage handling or air traffic management systems. 

  • It is likely that the European aviation sector will evolve to integrate AI for predictive threat detection and to autonomously respond to threats.