Two separate cyberattacks targeted Collins Aerospace during the week of September 15-19, 2025, involving data exfiltration by the group Everest and a ransomware incident causing major disruptions. These incidents highlight vulnerabilities from legacy credentials and simultaneous threat activities. #Everest #CollinsAerospace
Keypoints
- Collins Aerospace was hit by two distinct cyberattacks in the same weekโdata exfiltration and ransomware.
- Everest accessed an exposed FTP server using compromised credentials related to a 2022 infection.
- The ransomware attack caused the shutdown of the MUSE passenger processing system, disrupting European airports.
- Old credentials and unpatched systems played a significant role in enabling the attacks.
- The incidents underscore the importance of securing legacy systems and monitoring for simultaneous cyber threats.