Suspect Arrested in Cyberattack at European Airport Associated with Obscure Ransomware


Cybersecurity experts think that a ransomware component called HardBit was responsible for the attack on Collins Aerospace.


A type of ransomware called HardBit is said to have been implicated in the recent cyberattack against the aerospace and defense business Collins Aerospace, which has seriously disrupted key airports throughout Europe.

The HardBit ransomware first surfaced in October 2022, and it gained notoriety a few months later when it was discovered that the cybercriminals were prepared to compromise on ransom demands in accordance with the cyberinsurance policies of their victims. Since then, there have been few reports about HardBit.

Cybercriminals use HardBit ransomware to encrypt files on compromised systems, and they claim to steal victim data. However, in contrast to many other ransomware operations, they don’t seem to have a website where they identify victims and reveal stolen information.

On Monday, the EU cybersecurity agency ENISA disclosed that a ransomware attack was the cause of the airport outages, but it withheld further information.


Kevin Beaumont, a cybersecurity expert, said Tuesday that the hack used a version of HardBit that was “incredibly basic.”  According to insiders, Collins Aerospace has been unable to get rid of the malware, and cleanup attempts have resulted in machines getting infected again.

After rebuilding and relaunching its systems, Collins discovered the hackers were still within its network, according to a BBC report earlier this week that said over a thousand PCs might have been affected.

Dominic Alvieri, a ransomware specialist, told SecurityWeek that his sources had verified HardBit’s role in the attack.  However, the researcher noted that anyone might have targeted Collins Aerospace with the HardBit ransomware, which is distributed through an affiliate program.

Alvieri further noted that attribution may become more difficult because some HardBit affiliates have also been known to utilize the Mimic ransomware. In this instance, however, the expert doesn’t think that is the case.

Alvieri also told SecurityWeek that Collins Aerospace was the target of the infamous ransomware gang BianLian in 2023, which claimed to have stolen business files, operational data, and employee personal information. BianLian may have left a backdoor on Collins’ systems during the 2023 hack, although the group hasn’t been active since March 2025.

Earlier this week, there were hints that the infamous ShinyHunters hackers might have been involved. The aviation sector is known to have been the target of Scattered Spider, which is associated with ShinyHunters.


A 40-year-old man was taken into custody in West Sussex as part of an investigation into the Collins Aerospace cyberattack, the BBC was informed by the UK’s National Crime Agency (NCA) on Wednesday.

After being taken into custody on Tuesday night, the suspect was eventually freed on bond. According to NCA officials, the probe is still in its early phases.

Two Scattered Spider suspects were taken into custody by UK authorities. One of them has been convicted in the US judiciary over critical infrastructure breaches.

London Heathrow, Brussels Airport, and Berlin Brandenburg are among the main airports in the UK, Germany, and Belgium that have been affected by the cyberattack on Collins Aerospace, which provides check-in and boarding systems.

Delays and flight cancellations have been reported by the impacted airports, with delays lasting into Wednesday.  As of this writing, a sizable portion of delayed departures at the impacted airports are still visible on FlightRadar24.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
