Collins Aerospace

Collins Aerospace, a critical supplier in the aerospace and defense industry, fell victim to a ransomware attack that disrupted European airports by targeting its digital supply chain dependencies. The incident, highlighted in ENISA’s *Threat Landscape 2025* report, exemplifies how cyber-attacks on high-value vendors can cascade into broader operational failures. While specific details on data compromise were not disclosed, the attack caused significant service outages, delaying flights and grounding operations across multiple airports reliant on Collins’ systems. The disruption underscored vulnerabilities in interconnected OT (operational technology) and supply chain networks, where a single breach can paralyze downstream services. ENISA warned that such attacks exploit critical dependency points, amplifying impact beyond the initial target. The incident aligns with a rising trend of threat actors leveraging ransomware to cripple essential infrastructure, with financial and reputational fallout extending to airlines, passengers, and regulatory bodies. No direct mention of data theft was made, but the operational halt suggests severe financial losses, reputational damage, and potential regulatory scrutiny for failing to secure supply chain resilience.

Source: https://www.infosecurity-magazine.com/news/phishing-dominates-euwide/

TPRM report: https://www.rankiteo.com/company/collins-aerospace

"id": "col5132151100225",
"linkid": "collins-aerospace",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Cross-Sector (Public Administration, '
                                    'Critical Infrastructure, Supply Chain)',
                        'location': 'European Union',
                        'name': 'European Union Organizations (General)',
                        'type': 'Multinational'},
                       {'industry': 'Aerospace/Defense',
                        'location': 'Global (impacted European airports)',
                        'name': 'Collins Aerospace',
                        'type': 'Corporation'},
                       {'industry': 'Public Sector',
                        'location': 'European Union',
                        'name': 'Public Administration (EU)',
                        'type': 'Government'}],
 'attack_vector': ['Phishing (60%)',
                   'Vulnerability Exploitation (21%)',
                   'Botnets (10%)',
                   'Malicious Applications (8%)',
                   'DDoS (77% of incidents)',
                   'AI-Powered Phishing (80% of social engineering)',
                   'Supply Chain Compromise'],
 'date_detected': '2024-07-01',
 'date_publicly_disclosed': '2025-07-01',
 'description': 'Phishing and vulnerability exploitation accounted for the '
                'majority of initial access in cyber-attacks against EU '
                'organizations over the past year, according to ENISA. The '
                'report analyzed 4,875 incidents, with phishing (60%) and '
                'vulnerability exploitation (21%) as the top attack vectors. '
                'DDoS attacks dominated in volume (77% of incidents), though '
                'only 2% caused service disruption. Hacktivists, led by '
                'Russian actor NoName057(16), were the primary threat actors '
                '(79% of attacks), often targeting public administration (38%) '
                'and leveraging geopolitical tensions. Ransomware was deemed '
                'the most impactful threat, while AI-powered phishing surged '
                'to 80% of social engineering activity. Outdated mobile/OT '
                'systems and supply chain dependencies were flagged as '
                'high-risk targets.',
 'impact': {'brand_reputation_impact': ['Erosion of trust in public '
                                        'administration',
                                        'Supply chain vulnerability exposure'],
            'downtime': 'Limited (2% of DDoS attacks caused disruption)',
            'operational_impact': ['Supply Chain Ripple Effects',
                                   'Airport Disruptions (via Collins Aerospace '
                                   'ransomware)',
                                   'Public Sector Targeting (38%)'],
            'systems_affected': ['Outdated Mobile Devices',
                                 'Operational Technology (OT) Systems',
                                 'Public Administration (38% of attacks)',
                                 'Critical Supply Chain Dependencies (e.g., '
                                 'Collins Aerospace)',
                                 'European Airports (disruption example)']},
 'initial_access_broker': {'backdoors_established': 'Likely (68% of intrusions '
                                                    'led to malware '
                                                    'deployment)',
                           'entry_point': ['Phishing (60%)',
                                           'Vulnerability Exploitation (21%)',
                                           'Botnets (10%)',
                                           'Malicious Applications (8%)'],
                           'high_value_targets': ['Outdated Mobile Devices',
                                                  'Operational Technology (OT) '
                                                  'Systems',
                                                  'Critical Supply Chain '
                                                  'Nodes']},
 'investigation_status': 'Completed (report published)',
 'lessons_learned': ['AI amplification of phishing (80% of social engineering '
                     'by 2025) requires adaptive defenses.',
                     'Supply chain dependencies create systemic risks (e.g., '
                     'Collins Aerospace airport disruptions).',
                     'Convergence of hacktivism and state-sponsored TTPs '
                     'complicates attribution.',
                     'Outdated OT/mobile systems remain high-value targets.',
                     'DDoS volume (77% of incidents) masks low disruption rate '
                     '(2%), but still strains resources.'],
 'motivation': ['Geopolitical (79%, e.g., elections, EU support for opposition '
                'groups)',
                'Financial (13%)',
                'Cyber-Espionage (7%)'],
 'post_incident_analysis': {'corrective_actions': ['EU-wide coordination '
                                                   '(e.g., ENISA’s €36m '
                                                   'incident response scheme).',
                                                   'Mandatory OT/mobile system '
                                                   'updates in critical '
                                                   'sectors.',
                                                   'Supply chain cybersecurity '
                                                   'frameworks (e.g., '
                                                   'third-party audits).',
                                                   'Public-private '
                                                   'collaboration to counter '
                                                   'DDoS/hacktivism.',
                                                   'Investment in AI-driven '
                                                   'threat detection and '
                                                   'attribution tools.'],
                            'root_causes': ['Overreliance on outdated '
                                            'OT/mobile systems with unpatched '
                                            'vulnerabilities.',
                                            'Insufficient supply chain '
                                            'cybersecurity controls (e.g., '
                                            'Collins Aerospace case).',
                                            'Lack of adaptive defenses against '
                                            'AI-enhanced phishing.',
                                            'Geopolitical tensions exploited '
                                            'by hacktivist/state-sponsored '
                                            'actors.',
                                            'Difficulty in attributing blended '
                                            'hacktivism/state-sponsored '
                                            'attacks.']},
 'ransomware': {'data_encryption': 'Likely (most impactful threat)'},
 'recommendations': ['Prioritize patching for OT and mobile systems to reduce '
                     'vulnerability exploitation.',
                     'Enhance supply chain cybersecurity resilience (e.g., '
                     'third-party risk assessments).',
                     'Deploy AI-driven phishing detection to counter '
                     'AI-powered attacks.',
                     'Improve attribution capabilities to distinguish '
                     'hacktivism from state-sponsored faketivism.',
                     'Public administration should harden defenses against '
                     'geopolitically motivated DDoS.',
                     'Collaborate on EU-wide incident response (e.g., ENISA’s '
                     '€36m scheme).'],
 'references': [{'date_accessed': '2025-07-01',
                 'source': 'ENISA Threat Landscape 2025 Report'},
                {'source': 'Infosecurity Magazine: ENISA to Coordinate €36m '
                           'EU-Wide Incident Response Scheme'}],
 'threat_actor': [{'motivation': 'Geopolitical (anti-EU/EU-aligned causes)',
                   'name': 'NoName057(16)',
                   'tools': ['DDoSia platform'],
                   'type': 'Hacktivist (Russian-aligned)'},
                  {'motivation': ['Cyber-Espionage (7%)',
                                  'Geopolitical Influence'],
                   'name': 'Unspecified State-Sponsored Actors',
                   'tactics': ['Faketivism (posing as hacktivists)'],
                   'type': 'State-Sponsored (blended with hacktivism)'},
                  {'methods': ['Ransomware', 'Data Theft'],
                   'motivation': 'Financial Gain (13%)',
                   'name': 'Financially Motivated Actors',
                   'type': 'Cybercriminal'}],
 'title': 'ENISA Threat Landscape 2025: Phishing and Vulnerability '
          'Exploitation Dominate EU Cyber Incidents (July 2024 - June 2025)',
 'type': ['Phishing',
          'Vulnerability Exploitation',
          'DDoS',
          'Ransomware',
          'Hacktivism',
          'Malware Deployment',
          'Supply Chain Attack']}