The Express Gazette
Saturday, January 24, 2026

Cyberattack on Collins Aerospace disrupts European airports; experts weigh Russia link amid NATO airspace incursions

Disruptions at Heathrow, Berlin and Brussels prompt questions about attribution and resilience of aviation IT networks as geopolitical tensions rise


An apparent cyberattack disrupted check-in and boarding systems used by Collins Aerospace, triggering widespread disruption at several European airports including London Heathrow, Berlin Brandenburg and Brussels. Collins Aerospace, a unit of RTX, said the incident resulted in a technical issue that could delay departing passengers as its service to multiple airports experienced outages. The disruption affected the ability of travelers to check in online and drop baggage, forcing some airports to revert to manual processing while staff assisted in person.

Passengers faced long queues and flight delays as online check-in and boarding systems went offline. Airports and airlines issued guidance advising travelers to verify status with individual carriers and to allow extra time for check-in. Heathrow’s official statement said the disruption affected check-in and boarding and that staff were deployed to assist; Brussels Airport noted that only manual check-in and boarding were possible; Berlin Brandenburg also reported longer waiting times and that a quick solution was in progress. EasyJet said it did not expect the issue to affect the remainder of the day’s schedule.

RTX described the impact as limited to electronic check-in and baggage drop, and noted that manual procedures could mitigate the disruption while it worked to restore full functionality. The company said it was actively addressing the issue and that the systems are used by Collins Aerospace in several airports globally. The incident adds to a history of cyber incidents linked to Collins Aerospace in the public record, including prior allegations that adversaries targeted its systems. RTX and Collins have not yet attributed the current disruption to any actor, emphasizing that investigations continue.

Security experts were divided on attribution. A security expert told the Daily Mail that Russia “could well be” behind Friday’s attack, arguing that the timing followed reported Russian incursions into NATO airspace and that Moscow has one of the world’s largest hacker groups and a history of targeting European energy and telecoms networks. The suggestion reflects a broader pattern of geopolitics playing out in cyberspace, according to analysts. Others cautioned against premature conclusions, noting the need for formal attribution from investigators and the possibility that the cyberattack could be the work of criminal or opportunistic actors.

Industry observers described the attack as “very clever” for its ability to affect several airports and carriers at once. Aviation and travel expert Paul Charles said the disruption highlighted the vulnerability of high-value, interconnected systems and underscored the need for resilient, decentralized IT infrastructure across critical transport networks. He noted that Collins Aerospace's position as a major supplier raises concerns about potential tampering with its systems and the broader implications for national security when government and industry systems are linked. The incident arrives as geopolitical strains in the region persist, including recent Baltic-area airspace tensions and Russia’s ongoing campaign in Ukraine, which have heightened scrutiny of cyber and aviation security across Europe.

Authorities and industry groups said they would continue to monitor the situation and work with providers to restore services. The disruption illuminated the fragile ecosystem underpinning modern travel, where a single outage in a software layer can ripple across airports, airlines and passengers worldwide. While investigators pursue attribution, the incident has already accelerated discussions among policymakers and industry leaders about strengthening cyber defenses, reducing single points of failure, and building more resilient, decentralized systems to safeguard critical infrastructure.

