The attack began around 11 PM Friday when hackers compromised Collins Aerospace's MUSE platform. This single system handles passenger check-in, baggage processing, and flight management for major European airports including Heathrow, Brussels, Berlin, Dublin, and Cork.
Airports Overwhelmed by Manual Processing
When MUSE went down, airports completely lost their shit. Thousands of passengers are stuck in lines not seen since 9/11. Staff are scrambling to find paper forms they haven't seen since Windows XP was cool.
Brussels Airport is back to 1990s manual processing. Wait times hit 4+ hours for international flights. Heathrow is telling passengers to show up 3 hours early for domestic flights - domestic! Cork just gave up and suspended electronic check-in entirely.
Weekend travel volumes made the timing particularly disruptive, with an estimated 2.3 million passengers affected this weekend.
Single Vendor Creates Massive Risk
Collins Aerospace, a Raytheon subsidiary, provides passenger systems for over 150 airports worldwide. Their MUSE platform processes approximately 30% of European passengers. Put all your eggs in one basket, and surprise - someone kicked the basket. Aviation security experts have been screaming about this for years.
The attack demonstrates the risks of vendor concentration in critical infrastructure. When one provider controls essential services across multiple facilities, a successful breach can cascade across the entire network.
European authorities have repeatedly warned about vendor concentration risks in critical infrastructure. The attack pattern resembles SolarWinds - compromise one provider to impact multiple dependent organizations.
Attack Shows Sophisticated Knowledge of Aviation Systems
Collins won't say how they got pwned, but the targeting suggests these weren't script kiddies - someone knew exactly what they were doing. The attackers focused on core infrastructure rather than customer-facing systems, indicating detailed knowledge of aviation operations.
Compromising aviation systems requires bypassing SITA frameworks (which handle 90% of passenger bookings) and RTCA DO-326A security requirements. The sophistication suggests either state-sponsored actors or well-funded criminal groups with specific aviation expertise. Previous aviation cyberattacks have targeted individual airlines, but this supply chain approach represents a significant escalation in threat actor capabilities.
Systems will stay partially offline through Sunday while incident response teams make sure the attackers didn't leave any backdoors or persistence mechanisms. Recovery is going slow because they have to verify every component before bringing it back online.
Largest Aviation Cyberattack Since WannaCry
This represents the most significant aviation cyberattack since WannaCry disrupted hospital systems in 2017. The strategic approach differs from previous incidents - instead of targeting individual airlines, attackers identified shared infrastructure dependencies to maximize impact across multiple airports simultaneously.
CISA has issued repeated warnings about supply chain attack vectors. This incident demonstrates the cascade effect when attackers compromise a single vendor serving multiple critical facilities.
The attack reveals sophisticated understanding of aviation infrastructure dependencies. European authorities will likely mandate improved redundancy, network segmentation, and incident response capabilities following this disruption.
3.2 Million Passengers Face Extended Disruptions
Approximately 3.2 million passengers face delays or cancellations this weekend. Airports have reverted to manual systems last used in the early 2000s. Staff are receiving refresher training on paper-based processes that many haven't used since digital systems became standard.
Airlines are waiving rebooking fees, but cascading delays will continue through Tuesday. Economic losses exceed €50 million from operational disruptions and passenger compensation requirements.
The incident highlights the risks of extensive digitization without adequate redundancy. When digital systems fail, manual backup processes cannot handle modern passenger volumes, creating bottlenecks that persist long after initial system restoration.