Cyber Attack cyber

Collins Aerospace

Jun 16, 2023 3 min read
Collins Aerospace

A cyber-attack disrupted Collins Aerospace’s MUSE (Multi-User System Environment) passenger handling software, crippling check-in and boarding systems at major European airports, including Heathrow (London), Brussels, and Berlin. The attack forced airports to revert to manual check-in and baggage processing, causing hundreds of flight delays and cancellations, long passenger queues, and operational chaos. Passengers reported waiting up to three hours just to check in, leading to missed connections, heated confrontations, and widespread frustration. The incident highlighted vulnerabilities in the interdependent digital infrastructure of air travel, with prior reports suggesting Collins Aerospace had been targeted by ransomware-seeking hackers in 2023. While the company worked to restore systems, the disruption had cascading effects on travel logistics, airline reputations, and passenger trust, with some travelers stranded or forced to rebook flights. Authorities, including the UK government and European Commission, investigated potential state-sponsored involvement (e.g., Russia), though no definitive attribution was confirmed at the time.

Source: https://www.msn.com/en-my/news/other/london-heathrow-hit-by-cyberattack-targeting-europe/ar-AA1MWY13

TPRM report: https://www.rankiteo.com/company/collins-aerospace

"id": "col3695636100325",
"linkid": "collins-aerospace",
"type": "Cyber Attack",
"date": "6/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Multiple airlines and airports '
                                              'globally',
                        'industry': 'Aerospace/Defense',
                        'location': 'USA (Global Operations)',
                        'name': 'Collins Aerospace',
                        'size': 'Large (Subsidiary of RTX)',
                        'type': 'Aviation and Defense Company'},
                       {'customers_affected': 'Hundreds of passengers (e.g., '
                                              'Maria Casey, Gareth Ford)',
                        'industry': 'Aviation',
                        'location': 'London, UK',
                        'name': 'London Heathrow Airport (Terminal 4)',
                        'size': 'Large',
                        'type': 'Airport'},
                       {'customers_affected': 'Multiple passengers (exact '
                                              'number unspecified)',
                        'industry': 'Aviation',
                        'location': 'Brussels, Belgium',
                        'name': 'Brussels Airport',
                        'size': 'Large',
                        'type': 'Airport'},
                       {'customers_affected': 'Multiple passengers (e.g., Kim '
                                              'Reisen, Siegfried Schwarz)',
                        'industry': 'Aviation',
                        'location': 'Berlin, Germany',
                        'name': 'Berlin Airport',
                        'size': 'Large',
                        'type': 'Airport'},
                       {'industry': 'Aerospace/Defense',
                        'location': 'USA',
                        'name': 'RTX (Parent Company of Collins Aerospace)',
                        'size': 'Large',
                        'type': 'Conglomerate'}],
 'attack_vector': ['Software Exploitation (MUSE passenger handling system)',
                   'Targeted Disruption of Aviation IT Infrastructure'],
 'customer_advisories': ['Passengers advised to check flight status before '
                         'traveling',
                         'Airlines required to provide meals/accommodation for '
                         'delayed/cancelled flights (UK/EU regulations)'],
 'date_detected': '2024-09-19T22:00:00Z',
 'date_publicly_disclosed': '2024-09-20',
 'description': "A cyber-attack targeted Collins Aerospace's MUSE (Multi-User "
                'System Environment) passenger handling software, causing '
                'widespread disruptions at major European airports, including '
                'London Heathrow, Brussels, and Berlin. The attack led to '
                'manual check-in and boarding processes, resulting in '
                'significant flight delays and cancellations. The incident '
                'highlighted vulnerabilities in the digital infrastructure '
                'supporting air travel, with suspicions of potential '
                'state-sponsored involvement (e.g., Russia) though no '
                'definitive attribution was confirmed. The disruption affected '
                'hundreds of passengers, causing operational chaos, financial '
                'losses, and reputational damage to airlines and airports.',
 'impact': {'brand_reputation_impact': ['Negative media coverage',
                                        'Passenger distrust in aviation IT '
                                        'systems',
                                        'Criticism of Collins Aerospace and '
                                        'affected airports'],
            'customer_complaints': ['Long queues (3+ hours)',
                                    'Missed connecting flights',
                                    'Lack of communication',
                                    'Arguments among passengers'],
            'downtime': 'Ongoing as of last report (2024-09-20)',
            'operational_impact': ['Flight Delays (hundreds)',
                                   'Flight Cancellations',
                                   'Manual Check-in/Baggage Processing',
                                   'Passenger Frustration and Chaos',
                                   'Disrupted Connecting Flights'],
            'systems_affected': ['Collins Aerospace MUSE Software',
                                 'Check-in Systems',
                                 'Baggage Handling Systems']},
 'initial_access_broker': {'high_value_targets': ['MUSE passenger handling '
                                                  'software']},
 'investigation_status': 'Ongoing (origin under investigation; no confirmation '
                         'of widespread/severe attack)',
 'motivation': ['Disruption of Critical Infrastructure',
                'Potential Financial Gain (if ransomware)',
                'Geopolitical Tensions (speculative)'],
 'references': [{'date_accessed': '2024-09-20',
                 'source': 'Metro.co.uk',
                 'url': 'https://metro.co.uk'},
                {'date_accessed': '2024-09-20',
                 'source': 'Reuters',
                 'url': 'https://www.reuters.com'},
                {'date_accessed': '2024-09-20',
                 'source': 'Brussels Airport Statement',
                 'url': 'https://www.brusselsairport.be'},
                {'date_accessed': '2024-09-20',
                 'source': 'Berlin Airport Website',
                 'url': 'https://www.berlin-airport.de'},
                {'date_accessed': '2024-09-20',
                 'source': 'Collins Aerospace/RTX Press Release'},
                {'date_accessed': '2024-09-20',
                 'source': 'UK Transport Minister Heidi Alexander'},
                {'date_accessed': '2024-09-20',
                 'source': 'Sophos Threat Intelligence (Rafe Pilling)',
                 'url': 'https://www.sophos.com'},
                {'date_accessed': '2024-09-20',
                 'source': 'Liberal Democrats (Calum Miller)'},
                {'date_accessed': '2024-09-20',
                 'source': 'European Commission'}],
 'regulatory_compliance': {'regulatory_notifications': ['European Commission '
                                                        'monitoring (no '
                                                        'widespread/severe '
                                                        'attack confirmed)']},
 'response': {'communication_strategy': ['Public statements by Collins '
                                         'Aerospace/RTX',
                                         'Airport advisories (e.g., Brussels '
                                         'Airport, Berlin Airport)',
                                         'Government updates (UK Transport '
                                         'Minister Heidi Alexander)',
                                         'Media interviews with affected '
                                         'passengers'],
              'containment_measures': ['Manual Check-in/Baggage Processing '
                                       'Workaround'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Restoring MUSE software '
                                       'functionality']},
 'stakeholder_advisories': ['UK Transport Minister updates',
                            'Airport advisories (Heathrow, Brussels, Berlin)',
                            'Collins Aerospace/RTX statements'],
 'title': 'Cyber-Attack Disrupts Major European Airports via Collins Aerospace '
          'MUSE Software',
 'type': ['Cyber-Attack', 'Potential Ransomware', 'Digital Sabotage']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.