2 godzin temu
LONDON- British police arrested a man in his forties linked to a cyberattack that disrupted the MUSE check-in and boarding system at major European airports, including London Heathrow Airport (LHR), Brussels Airport (BRU), and Berlin Brandenburg Airport (BER).
The incident, reported by PYOK, struck late Friday, forcing manual operations and causing widespread delays for airlines like British Airways (BA) and Lufthansa (LH).
Collins Aerospace, the US-based provider of the affected software, continues efforts to restore full functionality after a corrupted patch delayed recovery. While Heathrow and Berlin now operate normally, Brussels faced severe restrictions until midweek.
Photo: Ferrovial ConstructionBritish Police Arrest Man
The cyberattack targeted Collins Aerospace’s MUSE software, a multi-user system that enables shared check-in desks and boarding gates for multiple airlines at airports worldwide
This Friday night breach rendered automated check-in and baggage drop inoperable at key facilities, compelling staff to switch to manual processes.
Heathrow Airport (LHR) reported initial delays affecting hundreds of flights, but British Airways (BA) activated backup systems to minimize the impact.
In contrast, Brussels Airport (BRU) suffered the heaviest toll, with airlines such as Brussels Airlines (SN) and Ryanair (FR) facing queue overloads that prompted 50 cancellations on Sunday alone out of 257 scheduled departures.
Berlin Brandenburg Airport (BER) experienced moderate disruptions, primarily for Lufthansa (LH) and Eurowings (EW) operations, but recovered swiftly through coordinated manual handling.
Aviation data from Cirium showed 29 total cancellations across the three airports by midday Saturday, underscoring the attack’s ripple effects on 1,105 combined scheduled flights.
Cybersecurity experts note that such incidents exploit centralized third-party dependencies, amplifying vulnerabilities in aviation’s digital backbone.
The European Union Agency for Cybersecurity later classified the breach as a ransomware operation, highlighting a 600% surge in sector-targeted attacks from 2024 to 2025.
Photo: By Mitchul Hope – Emirates | A6-EOT | Airbus A380-841 | London Heathrow Airport (LHR/EGLL), CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=129305856Arrest and Ongoing Investigation
Britain’s National Crime Agency (NCA) conducted the arrest on Tuesday evening in West Sussex, charging the suspect under the Computer Misuse Act for alleged involvement in the disruption.
NCA Deputy Director Paul Foster, leading the National Cyber Crime Unit, described the operation as a key early milestone, though the probe remains active with no further suspects named.
The man, released on conditional bail, awaits further questioning as investigators trace the attack’s origins, potentially tied to prior breaches at Collins Aerospace in 2023.
The NCA collaborates with the UK’s National Cyber Security Centre, the Department for Transport, and international partners to assess broader implications.
Foster emphasized that while manual mitigations contained immediate chaos, full digital restoration demands rigorous forensic analysis to prevent recurrence.
No evidence links the incident to state actors, but officials monitor for copycat threats in high-traffic aviation networks.
Photo: Heathrow AirportRecovery Challenges and Rebuild Efforts
Collins Aerospace identified the intrusion Saturday, initially deploying a patch Monday that testing revealed as corrupted, affecting over 1,000 systems.
his forced a complete rebuild of software environments for impacted airlines, a labor-intensive process involving on-site reconfiguration at airports.
An internal Heathrow memo detailed overnight work by Collins teams, yet persistent glitches extended delays into Tuesday.
By Wednesday, Brussels Airport (BRU) eased caps to 10% of flights, down from 50% cuts, while Heathrow (LHR) and Berlin (BER) resumed full schedules. RTX, Collins’ parent, confirmed impacts stayed limited to electronic processes, with no data breaches reported.
Experts warn that rebuilding exposes temporary weaknesses, urging airlines to diversify vendors. Full resolution timelines remain fluid, but Collins stated Monday it nears completion of secure updates for all four affected sites.
By Andrew Milligan sumo – Departures Terminal 5, London Heathrow Airport, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=105402952Broader Implications
This event exposes aviation’s reliance on single providers like Collins, creating single points of failure that hackers exploit for maximum disruption.
Past incidents, including a 2023 Collins breach, signal escalating risks from ransomware groups targeting operational tech. Regulators now push for enhanced resilience, such as redundant systems and real-time threat sharing.
Airlines face mounting pressure to invest in cyber defenses amid rising costs from delays—estimated at millions daily. Travelers encounter manual checks’ inefficiencies, from longer waits to higher error rates in boarding.
The incident accelerates EU-wide mandates for critical infrastructure audits, aiming to shield passengers and operators from future digital assaults.
Stay tuned with us. Further, follow us on social media for the latest updates.
Join us on Telegram Group for the Latest Aviation Updates. Subsequently, follow us on Google News
British Airways Drunk 787 Pilot Arrested at Edinburgh Airport
The post British Police Arrest Man Linked to European Airport Cyber Attack appeared first on Aviation A2Z.
