RTX Corporation (formerly Raytheon Technologies) has confirmed that a ransomware attack has compromised systems running its MUSE (Multi-User System Environment) passenger processing software.
The nature of the cyberattack was disclosed in an SEC filing published earlier today. The incident has directly impacted airport operations, aligning with widespread disruptions reported across Europe last week.
According to the Form 8-K submitted to the US Securities and Exchange Commission, the company became aware of the incident on September 19. The attack targeted MUSE systems operating on customer networks rather than RTX’s internal infrastructure, prompting an immediate activation of RTX’s incident response plan. Internal and external cybersecurity teams are investigating the intrusion, while law enforcement agencies, both domestic and international, have been notified.
Collins Aerospace’s MUSE platform enables multiple airlines to share airport infrastructure such as check-in counters, gates, and baggage systems. It is widely deployed at international airports and plays a critical role in streamlining airline operations, especially in high-traffic terminals. The ransomware attack disrupted this backbone system, forcing many affected airports to switch to manual fallback procedures and causing delays and cancellations across airline schedules. As we reported earlier, the attack crippled passenger processing systems at London Heathrow, Brussels Airport, and Berlin Brandenburg, with airlines forced to revert to manual check-in and boarding procedures.
RTX Corporation, headquartered in Arlington, Virginia, is a major defense and aerospace contractor with a global footprint. Collins Aerospace, one of its key subsidiaries, provides aviation systems used by both civilian airports and military operators. The MUSE software is part of Collins’ broader airport infrastructure offerings, which are embedded in airport workflows at hubs across Europe, North America, and Asia.
The SEC filing clarifies that the breach occurred outside the company’s enterprise network, affecting systems deployed on customer premises. RTX has not disclosed the identity of the ransomware actors, and no announcements have been made on the dark web yet.
At the same time, the authorities in the UK have announced the arrest of the person responsible for the attack in West Sussex, but have not shared many details with the public yet.
Leave a Reply