A cyber attack on Collins Aerospace’s Muse software platform used for flight check-ins, baggage handling, and boarding coordination disrupted operations at major European airports, including Heathrow (UK), Berlin (Germany), and Brussels (Belgium). The attack forced airlines to manually process passengers, leading to flight cancellations, delays, and stranded travelers. While Collins confirmed the breach, no details were disclosed regarding the attacker’s identity, motive, or potential customer data compromise. The incident follows geopolitical tensions, with suspicions pointing toward state-backed Russian hackers targeting European infrastructure. Delhi and Bengaluru airports (India), which also use Muse, remained unaffected but are monitoring the situation. The attack highlights vulnerabilities in critical aviation software monopolies, where redundancies are limited, and disruptions cascade globally.
TPRM report: https://www.rankiteo.com/company/collins-aerospace
"id": "col4541545100525",
"linkid": "collins-aerospace",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Multiple Airlines & Airports '
'(Heathrow, Berlin, Brussels, '
'Delhi, Bengaluru)',
'industry': 'Aviation Software',
'location': 'USA (Global Operations)',
'name': 'Collins Aerospace (RTX Corp)',
'type': 'Aerospace/Defense Conglomerate'},
{'customers_affected': 'Global (Retail & Manufacturing)',
'industry': 'Automotive',
'location': 'UK (Global Operations: Brazil, UK, India)',
'name': 'Jaguar Land Rover (JLR)',
'type': 'Automotive Manufacturer'},
{'customers_affected': 'Travellers (Flight Disruptions)',
'industry': 'Aviation',
'location': 'London, UK',
'name': 'Heathrow Airport (LHR)',
'size': '84M Annual Passengers (2024)',
'type': 'Airport'},
{'customers_affected': 'Travellers',
'industry': 'Aviation',
'location': 'Berlin, Germany',
'name': 'Berlin Brandenburg Airport',
'type': 'Airport'},
{'customers_affected': 'Travellers',
'industry': 'Aviation',
'location': 'Brussels, Belgium',
'name': 'Brussels Airport',
'type': 'Airport'},
{'customers_affected': 'Indirect (JLR Parent Company)',
'industry': 'Automotive',
'location': 'India',
'name': 'Tata Motors',
'type': 'Automotive Conglomerate'}],
'attack_vector': ['Software Platform Exploit (Muse by Collins Aerospace)',
'Smart Factory Coordination Platform (JLR)'],
'customer_advisories': ['Airline Passengers: Expect Delays/Cancellations',
'JLR Customers: Manufacturing Delays'],
'data_breach': {'data_exfiltration': 'Suspected (JLR)',
'personally_identifiable_information': 'Potential (JLR)',
'sensitivity_of_data': 'High (PII Risk for JLR)',
'type_of_data_compromised': ['Potential Customer Data (JLR)',
'Operational Data (Airports)']},
'date_detected': ['2024-09-07T00:00:00Z', '2024-08-31T00:00:00Z'],
'date_publicly_disclosed': ['2024-09-07T00:00:00Z', '2024-08-31T00:00:00Z'],
'description': "A cyber attack on Collins Aerospace's Muse software platform "
'disrupted operations at major European airports (Heathrow, '
'Berlin, Brussels) on a Saturday, causing flight check-in and '
'baggage drop failures. Separately, Jaguar Land Rover (JLR) '
'suffered a targeted cyber attack on 31 August, halting global '
'manufacturing and retail operations for three weeks. The '
'airport attack is suspected to be nation-state-backed '
'(possibly Russia), while the JLR breach appears financially '
"motivated by the 'Scattered Spider' group, which previously "
'targeted Marks & Spencer. Indian airports (Delhi, Bengaluru) '
"using Muse remain unaffected, but Tata Motors (JLR's parent) "
'faces potential financial losses in Q3 2024.',
'impact': {'brand_reputation_impact': ['Collins Aerospace (Software '
'Reliability Concerns)',
'JLR/Tata Motors (Operational '
'Resilience Questions)',
'Trust Erosion in Air Travel Systems'],
'customer_complaints': ['Stranded Passengers (Airports)',
'Social Media Outrage'],
'data_compromised': ['Potential customer data (JLR)',
'Unknown (Airport Systems)'],
'downtime': ['Ongoing (Airports: Partial Recovery; JLR: 3+ Weeks)',
'JLR Manufacturing Halted Until 2024-09-24'],
'identity_theft_risk': 'Potential (JLR Customer Data)',
'operational_impact': ['Flight Cancellations/Rescheduling (Europe)',
'Manual Check-ins & Baggage Handling',
'JLR Global Production Stoppage (Brazil, '
'UK, India)',
'Supply Chain Disruptions'],
'revenue_loss': ['Tata Motors Q3 Financial Hit (JLR = 70% of '
'Consolidated Revenue)',
'Airline & Airport Revenue Losses (Unquantified)'],
'systems_affected': ['Muse Software (Flight Check-in, Baggage '
'Drop, Boarding Gate Coordination)',
'JLR Manufacturing & Retail Software '
'Platforms (Global)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Claimed by Scattered '
'Spider (JLR)',
'entry_point': ['Muse Software Vulnerability '
'(Airports)',
'Smart Factory Platform (JLR)'],
'high_value_targets': ['European Aviation '
'Infrastructure',
'JLR Global Operations']},
'investigation_status': 'Ongoing (Collins Aerospace, JLR, NATO, MeitY)',
'lessons_learned': ['Over-reliance on Monopolistic Software (Airports)',
'Ransomware-as-a-Service (Raas) Threat Growth',
'Need for Proactive Redundancies in Critical '
'Infrastructure',
'Geopolitical Cyber Risks in Aviation Sector'],
'motivation': ['Geopolitical (Airport Attack)', 'Financial (JLR Attack)'],
'post_incident_analysis': {'root_causes': ['Software Monoculture in Aviation',
'Insufficient Air-Gapping (JLR)',
'Geopolitical Tensions '
'(Russia-Estonia Dispute)']},
'ransomware': {'data_encryption': 'Suspected (JLR)',
'data_exfiltration': 'Claimed by Scattered Spider',
'ransom_demanded': 'Likely (JLR; Scattered Spider Group)'},
'recommendations': ['Diversify Software Vendors for Critical Operations',
'Enhance Dark Web Monitoring for Threat Intelligence',
'Air-Gapped Backups for Manufacturing Systems',
'NATO-EU Cyber Defense Collaboration'],
'references': [{'date_accessed': '2024-09-10', 'source': 'Mint (LiveMint)'},
{'date_accessed': '2024-09-10',
'source': 'Airports Council International (ACI)'},
{'date_accessed': '2024-09-10',
'source': 'Open-Source Intelligence (OSINT) Reports'}],
'regulatory_compliance': {'regulatory_notifications': ['Indian MeitY '
'Monitoring',
'Potential NATO '
'Involvement (Airport '
'Attack)']},
'response': {'communication_strategy': ['Collins Aerospace: Limited Public '
'Statement',
'JLR/Tata Motors: No Detailed '
'Disclosure',
'Indian Government (MeitY): '
'Monitoring Situation'],
'containment_measures': ['JLR: Global Software Shutdown '
'(Manufacturing & Retail)',
'Airports: Manual Process Workarounds'],
'enhanced_monitoring': 'Yes (Indian Airports)',
'incident_response_plan_activated': 'Yes (Partial Details)',
'recovery_measures': ['JLR: Targeting 2024-09-24 Restart',
'Airports: Gradual System Restoration']},
'stakeholder_advisories': ['Indian Airports (Delhi, Bengaluru) on Alert',
'Tata Motors Shareholders (No Material Disclosure '
'Yet)'],
'threat_actor': [{'motivation': 'Geopolitical (Distraction during '
'Estonia-Russia aerospace dispute)',
'name': 'Suspected Russian Nation-State Hackers',
'target': 'Collins Aerospace (Muse Platform)'},
{'motivation': 'Financial (Ransomware)',
'name': 'Scattered Spider',
'previous_attacks': ['Marks & Spencer (March 2024)'],
'target': 'Jaguar Land Rover'}],
'title': 'Cyber Attacks Disrupt Major European Airports and Jaguar Land Rover '
'Operations',
'type': ['Cyber Attack (Software Disruption)',
'Targeted Malware Breach (Potential Ransomware)']}