Cyberattack Puts Europe’s Aviation Infrastructure to the Test

Late Friday, a ransomware attack brought airport check-in systems across Europe to a halt, disrupting flights at major international hubs including London Heathrow, Berlin Brandenburg, and Brussels Airport.

The disruption targeted software supplied by Collins Aerospace, which provides essential infrastructure for airline ground operations.

While some services such as self-service kiosks and online check-in continued to function, the primary desk-based systems were knocked offline. Airline staff had to revert to handwritten boarding passes and manual check-in procedures.

As the weekend progressed, the impact became more severe.

Thousands of passengers experienced delays and cancellations, and Brussels Airport was forced to cancel nearly half of its scheduled departures for Monday.

Behind the scenes, recovery efforts revealed deeper complications. Internal documents suggested that the attackers remained inside the system even after initial recovery attempts.

The situation has drawn attention to the increasing dependence on digital infrastructure in aviation and the growing threat posed by cyberattacks to physical operations.

Why It Matters: As critical systems become more digitized and reliant on centralized vendors, the potential for widespread disruption increases. A targeted attack on a single software provider can quickly cascade into an international crisis. This event is a warning that cybersecurity lapses are no longer isolated IT problems. They can disrupt global movement and erode public confidence in essential infrastructure.

• Targeted Software Failure Brought Major Airports to a Standstill: The attack focused on Muse, a check-in platform developed by Collins Aerospace that handles key passenger functions such as boarding passes and dispatch. The failure disrupted over 140 flights in Brussels alone and caused widespread issues at other major airports. Many front-desk systems were completely disabled, forcing a sudden shift to manual operations.

• Manual Workflows Reintroduced Across European Airports: In response to the outage, staff at several airports switched to backup systems. Airline personnel at Heathrow and Berlin used handwritten boarding passes and personal laptops to check in passengers. Although self-check-in kiosks and online systems remained available, they could not fully compensate for the loss of the core infrastructure.

• Attackers Remained Embedded During Recovery Attempts: Internal communications revealed that Collins Aerospace faced ongoing intrusions even after attempting to restore the system. More than 1,000 devices were affected, and the recovery process had to be completed manually. Staff were advised not to log out or shut down affected systems to avoid further compromise. This prolonged the recovery and raised concerns about persistent threats within critical networks.

• Sharp Increase in Aviation Cyberattacks Adds Context: According to a report by Thales, the aviation industry saw a 600% increase in cyberattacks between 2024 and 2025. This event is part of a larger trend in which organized cybercriminal groups target infrastructure with high operational costs for downtime. The intent is often to extort ransoms in exchange for decrypting or restoring access to essential systems.

• Vendor Dependency Creates a Fragile Ecosystem: The attack demonstrated how dependence on a single software provider can turn into a systemic risk. A breach in one company’s systems had immediate and widespread consequences across multiple countries. As digital systems become more centralized, the resilience of global infrastructure will increasingly depend on the cybersecurity posture of individual vendors.

Go Deeper -> European airports slowly get back online after cyberattack targeted check-in systems – CBS News

EU cyber agency says airport software held to ransom by criminals – BBC

Airport cyberattack disrupts more flights across Europe – NBC News