An evacuation on Saturday in Dublin following a bomb alert, and closures on Monday in Oslo and Copenhagen due to drone incursions… These past days have been tumultuous for Europe’s airports.
Added to that was a cyberattack. Not aimed directly at the airports themselves, but at the vendor supplying the software that records passengers and baggage. The first signs were noticed Friday evening. The situation has not yet fully returned to normal.
A widely used American software in European airports
The software in question is called MUSE (Multi-User Systems Environment). It is supplied by Collins Aerospace, a RTX subsidiary (formerly Raytheon Technologies), a heavyweight in the aerospace and defense sector*.
Rolled out at “more than 100 airports” and used by “more than 300 airlines,” MUSE is, in industry terms, a CUPPS (common-use passenger processing system). It enables shared check-in counters and boarding gates. It comprises several modules: SelfServ for self-service check-in, SelfPass for biometric identification, SmartBag for baggage tracking, AirVue for information-display management, and more. On-site deployment remains possible, but Collins Aerospace is keen to highlight the “next generation” of MUSE, hosted on AWS.
With cloud deployments, interconnection is achieved via the AviNet WAN service, which relies on ARINC’s network. This company has been the long-standing provider of airport communications infrastructures for nearly a century. It was owned by the major airlines and various American aerospace manufacturers. Its communications business (which also set standards in avionics) was sold to the Carlyle Group in 2007. Before falling under the umbrella of Rockwell Collins in 2013, which would merge in 2018 with United Technologies to form Collins Aerospace.
An ultimate ransomware
This network appears to have been breached. The attackers may have reached domain controllers within Collins Aerospace’s Windows environment. At the end of the chain, a ransomware could be disseminated, according to ENISA.
On Monday, Collins Aerospace stated that the process of rebuilding the affected systems was nearing completion. On the same day, it emerged that following a restoration attempt from backups, the threat persisted.
At London Heathrow, more than a thousand terminals were reportedly corrupted, and remote restoration was not feasible for most. On site, Collins Aerospace advised airlines not to power down systems or disconnect software. The majority of Sunday and Monday flights were maintained, but some carriers were still manually processing passengers and their baggage.
Work continues to resolve and recover from the outage of a Collins Aerospace airline system that impacted check-in. We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.
We encourage… pic.twitter.com/S40IbNveqK
– Heathrow Airport (@HeathrowAirport) September 21, 2025
In Berlin‑Brandenburg, Sunday was described as showing “typical delays for a regular day.” On Monday, the airport noted that disruptions remained within acceptable bounds given the circumstances and the surge in traffic caused by the Berlin Marathon. In the evening, the situation was described as “stabilized,” though longer wait times could still be possible.
Der Betrieb am #BER läuft weitgehend stabil, dank des großen Einsatzes unserer Teams und Partner. Heute erhöhtes Passagieraufkommen – längere Wartezeiten möglich.
👉 Online-Check-in nutzen
👉 Self-Service-Automaten verwenden
👉 Fast-Bag-Drop für Gepäck?? https://t.co/3R5yJvnTF1
– BER – Berlin Brandenburg Airport (@berlinairport) September 22, 2025
According to Eurocontrol data, 70% of flights departing Berlin were delayed by more than 15 minutes on Monday. The rate was 85% in Brussels, where, in addition, 63 flights were canceled (40 departures, 23 arrivals).
Limited disruption expected on 22 and 23 September, causing some flight delays and cancellations. Check the status of your flight before coming to the airport. More information on our website: https://t.co/CGtagAiP9J pic.twitter.com/P0Z9Dec8Rd
– Brussels Airport (@BrusselsAirport) September 22, 2025
Sunday at mid-day, Dublin Airport had canceled 13 flights. Travelers were urged to “allow extra time” for bag drop and check-in.
Passenger Update – Monday @ 07.15
The Dublin Airport team is continuing to support airlines today (Monday) as they manage ongoing disruption from a technical issue that is affecting check-in and boarding systems at several airports in Europe.
1/4 🧵 pic.twitter.com/NHWQpRo2LG
– Dublin Airport (@DublinAirport) September 22, 2025
* Collins Aerospace operates four sites in France: Antony (Hauts-de-Seine; fire-suppressant systems for helicopters), Blagnac (Haute-Garonne; avionics for civil helicopters), Figeac (Lot; propellers) and Saint‑Ouen-l’Aumône (Val-d’Oise; flight actuators and winches for helicopters and military transport aircraft).
