ZeroFox Intelligence Flash Report - Cyberattacks on European Airports Reveal Contagion Risk

ZeroFox Intelligence Flash Report - Cyberattacks on European Airports Reveal Contagion Risk

Product Serial: F-2025-09-22a

TLP:CLEAR

In this Flash report, ZeroFox researchers discuss recent cyberattacks that caused widespread operational disruption at major European airports, resulting in flight cancellations and delays.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here

Key Findings

• Over the weekend of September 19–21, 2025, a cyberattack caused widespread operational disruption at major European airports, resulting in a host of flight cancellations and delays.
• As of writing, no threat actor has claimed responsibility for the attack. The attribution details—such as the ransomware strain or the threat actor responsible—have not yet been made public, and it remains unclear whether a third-party vendor or Collins Aerospace itself was targeted.
• This attack highlights a critical vulnerability in the IT infrastructure used in the aviation industry, especially where third-party systems support multiple airports and airlines.
• The airline industry likely faces significant pressure to quickly meet ransomware demands, as customer satisfaction and maintaining scheduled flight times are crucial to its business model.