iscover
ENISA, the European Union Agency for Cybersecurity, has pointed the finger at a ransomware incident as the cause of major outages at a string of airports in the UK and EU over the weekend.
ENISA said it knows the type of ransomware employed, but has not shared any details of the threat actor behind the incident. While there has been some speculation that hackers linked to the Scattered Spider collective may be behind the attack, no actor has yet claimed responsibility.
This content is available exclusively to Australian Aviation members.
A monthly membership is only $5.99 or save with our annual plans.
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
Scattered Spider had been a suspect in July’s cyber-attack on Qantas, which reportedly involved cyber criminals using AI to impersonate a Qantas employee and then tricking a customer service operator in Manila into divulging crucial information; however, later investigations have pointed at a different group, ShinyHunters.
“ENISA is aware of the ongoing disruption of airports’ operations, which were caused by a third-party ransomware incident,” an ENISA spokesperson said overnight.
“At this moment, ENISA cannot share further information regarding the cyber attack.”
The United Kingdom’s National Centre for Cyber Security has also released a statement regarding the incident.
“We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident,” an NCSC spokesperson said.
“All organisations are urged to make use of the NCSC’s free guidance, services and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats.”
In a heightened atmosphere following multiple violations of EU airspace by Russian assets in recent days, UK LibDems MP Calum Miller had called for an investigation into possible Russian involvement with the Collins Aerospace hack.
“After the flagrant violation of Estonian airspace, the government needs to urgently establish if Vladimir Putin is now attacking our cyber systems,” Miller said.
According to SOCRader, one NATO-linked security expert called the attack “very clever,” while other theories have suggested a link to a broader “cyber axis” made up of Russia, China, Iran, and North Korea. A possible motivation could be Collins Aerospace’s ties to NATO as a defence contractor.
The initial attack took place on the evening of Friday, September 19, effectively halting electronic check-ins using Collin Aerospace’s Muse platform. Disruption continued into Saturday and Sunday, with more than 25 flight cancellations, hundreds of delays, and operators forced to switch to manual check-in processes.
“We have become aware of a cyber-related disruption to our Muse software in select airports. We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible,” Collins Aerospace said on September 20.
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations. We will share more details as they are available.”
