Collins Aerospace hack: Suspect arrested and RTX files Form 8-K

The UK’s National Crime Agency reports arrest of a man in his 40s as Collins Aerospace owner RTX informs SEC of cyber incident.

A man in his 40s has been arrested and released on bail in relation to last week’s Collins Aerospace hack, which caused widespread disruption and delays at several major European airports.

Officers from the UK’s National Crime Agency and the South East Regional Organised Crime Unit made the arrest overnight in West Sussex, on suspicion of offences under the Computer Misuse Act.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said in a September 24 statement.

“Cyber-crime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public.”

The news of a possible suspect in the case comes as RTX, the parent company of Collins Aerospace – alongside aerospace and defence giants Pratt & Whitney and Raytheon – filed a Form 8-K with the United States Securities and Exchange Commission outlining the possible impact of the incident.

“On September 19, 2025, RTX Corporation (the “Company”) became aware of a product cyber security incident involving ransomware on systems that support its Multi-User System Environment (“MUSE”) passenger processing software. This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling. The MUSE airport systems operate outside of the RTX enterprise network, residing on customer-specific networks,” the filing says.

“Upon detecting the incident, the Company activated its incident response plan and promptly took steps to assess, contain, respond to and remediate the incident. The Company is diligently investigating the incident with the assistance of internal and external cyber security experts and has notified domestic and international law enforcement authorities and certain other government agencies.”

RTX said it was communicating with its customers and providing technical assistance to the impacted airports, which are still experiencing significant delays because they must rely on manual systems to manage check-ins and boarding.

RTX does not expect the incident to have a material impact on its financial condition or business operations.

According to cyber security expert Kevin Beaumont, the ransomware deployed in the attack is Hardbit, a variant linked to a group of the same name that dates back to 2022.

“The Europe airlines ransomware situation is a variant of Hardbit ransomware, which doesn’t have a portal and is incredibly basic,” Beaumont said in a September 24 post to social media platform Mastodon.

It also appears that Collins Aerospace is struggling to recover its systems.

“They’ve had to restart recovery again as the devices keep getting reinfected,” Beaumont said.

“I’ve never seen an incident like it. Somebody like the NCSC needs to go in and help them with IR.”

Beaumont also called out a pair of publications for apparently false reporting that the hackers involved with the incident employed AI to augment their attack.

“NPR and PBS have somehow managed to run a completely bollocks article linking the EU airport thing to AI – the article itself written by an AI cybersecurity vendor,” Beaumont said.

“It's completely false. The payloads used in this one are detected by free Defender AV with decade old static AV detections. This is not some cyber mega-attack by a ransomware group: it's extremely poor security hygiene.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
