---
title: Collins Aerospace Cyber Attack Grounds Thousands
description: Ransomware cripples Collins Aerospace’s MUSE, forcing check-ins and cancellations across Europe. Crisis exposes aviation cybersecurity and supply-chain risk.
author: Darie Nani (Editor-in-Chief)
date: 2025-09-23T14:12:56.000Z
updated: 2026-03-04T20:39:38.307Z
canonical: https://www.sovereignmagazine.com/article/collins-aerospace-cyber-attack-grounds-thousands
image: https://cdn.nanimediahouse.com/22e77242-353c-4e6c-858c-815120e269c8.jpg
categories: Supply Chains
content_type: News
region: London
publication: Sovereign Magazine
about:
  - type: Organization
    name: RTX
---

When ransomware criminals targeted Collins Aerospace’s MUSE software system on 19 September 2025, they caused widespread disruption across European airports. The attack forced manual check-ins at Heathrow, Brussels and Berlin airports, demonstrating how a single point of failure can cascade through global transportation networks.

The [ransomware attack on Collins Aerospace](https://www.theguardian.com/business/2025/sep/21/disruption-continues-heathrow-brussels-berlin-airports-cyber-attack) exposed vulnerabilities in modern aviation’s technological foundation. Brussels Airport was forced to [cancel half of Sunday’s scheduled departing flights](https://travelweekly.com.au/aviation-cyber-risk-exposed-as-european-airports-hit-by-major-attack/) to prevent chaos, whilst passengers across Europe faced lengthy queues as staff manually processed check-ins and boarding passes.

## One Software System Controls European Air Travel

Collins Aerospace, a subsidiary of RTX (formerly Raytheon Technologies), has become an invisible backbone of global air transport. Their MUSE software manages automated passenger processing from check-in kiosks to boarding gates and baggage handling networks.

The company’s technology shows how deeply third-party systems have embedded themselves in aviation operations. MUSE controls passenger flow across multiple touchpoints, creating efficiency gains that have allowed airports to handle increasing volumes without proportional staff increases. When these systems fail, airports discover their dependency on [digital processes that replaced manual alternatives](https://www.sovereignmagazine.com/article/airport-cyberattack-exposes-hidden-vulnerabilities-in-travel-s-digital-backbone).

This dependency extends throughout aviation’s supply chain, from sophisticated aircraft electronics to ground infrastructure. The underlying hardware, including components like [aerospace PCB manufacturing](https://altimex.co.uk/aerospace-pcb-manufacturing/), forms the foundation of these systems, making their security vital for operational continuity.

## Supply Chain Vulnerabilities

The Collins attack highlights a weakness in modern aviation: the concentration of functions in powerful but vulnerable technology providers. French aerospace giant Thales recently reported a [600 per cent surge in airline and airport cyber attacks](https://travelweekly.com.au/aviation-cyber-risk-exposed-as-european-airports-hit-by-major-attack/) between 2024 and 2025.

Similar vulnerabilities affect [other sectors, as shown by recent](https://www.sovereignmagazine.com/article/automotive-cybersecurity-crisis-growing-threats-to-connected-vehicle-systems) automotive cybersecurity threats that expose how third-party risks cascade through supply chains. Aerospace contractors serve both civilian and defence sectors, making them attractive targets for cybercriminals and state actors.

These companies manage large amounts of sensitive data whilst controlling systems that can disrupt infrastructure on a continental scale. The interconnected nature of aerospace electronics creates systemic risk, where a breach at one supplier can affect multiple airlines, airports and aircraft systems.

Unlike isolated network attacks, threats targeting aerospace technology providers can simultaneously affect numerous operators using the same systems. This mirrors [nation-state cyber operations](https://www.sovereignmagazine.com/article/why-the-salt-typhoon-hack-changes-everything-about-national-cybersecurity-defence) that have made global cybersecurity a national security priority.

### ENISA Confirms Ransomware

The European Union’s cybersecurity agency [ENISA confirmed the ransomware nature of the attack](https://techcrunch.com/2025/09/22/eu-cyber-agency-confirms-ransomware-attack-causing-airport-disruptions/) on Monday, though officials declined to share details about the specific threat actors or methods involved. Authorities across Europe are investigating the incident.

Collins Aerospace acknowledged the ‘cyber-related disruption’ and stated it was working with affected airports to restore functionality whilst implementing software updates to address the exploited vulnerabilities.

## Recovery and Response

By Sunday, disruptions at Heathrow and Berlin had eased significantly, though Brussels remained the worst affected. On Monday, Brussels Airport asked airlines to cancel half of their departing flights as Collins Aerospace worked to deploy a secure software update. The company confirmed it was in the final stages of restoring full functionality to the MUSE system.

Some airports showed better resilience. [British Airways operated with a backup system](https://www.sovereignmagazine.com/article/when-critical-infrastructure-becomes-prime-target-what-the-european-airport-cyberattacks-mean) during the outage, whilst other airlines remained dependent on the compromised MUSE software. The UK’s National Cyber Security Centre worked directly with Collins Aerospace and affected airports to restore services.
