This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity  #ndcconferences  #security  #developer   #softwaredeveloper    

Attend the next NDC conference near you: 
https://ndcconferences.com
https://ndc-security.com/

Subscribe to our YouTube channel and learn every day:     @NDC 

Follow our Social Media!

https://www.facebook.com/ndcconferences
https://twitter.com/NDC_Conferences
https://www.instagram.com/ndc_conferences

#hacker #applicationsecurity #iot #supplychain 

On September 19, 2025, many European airports experienced major disruptions in their check-in systems. Flights were cancelled or delayed in Heathrow and other European cities' airports.

The reason was a cyber - related incident that invovled a software for check-in and baggage handling, called Muse. Just days earlier NATO launched operation Eastern Sentry in response to an Article 4 declaration by the Polish government. Is there a connection between these 2 incidents? This session aims to present the circumstances under which the cyberattack took place, who were the victims, the technologies that were affected, what was happening on the international scene and how supply-chain or OT-related attacks on civilian infrastructure are primary objectives for nation-state backed threat actors in times of crisis and conflict.

NDC Conferences

A threat intelligence report on the September 2025 cyber attack that disrupted check-in and baggage systems at five major European airports. The incident traces back to a 2022 Redline infostealer compromise of a Collins Aerospace employee's device, which harvested legacy FTP credentials for the MUSE airport management system. Three years later, the Everest ransomware group used those credentials to exfiltrate over 1.5 million passenger records and 50GB of network data, then deployed a Heartbeat ransomware variant after ransom negotiations broke down. The talk covers the supply chain attack path, the dual-threat-actor theory, why Delhi airport was unaffected, and draws a speculative but timeline-supported connection between the attack and concurrent NATO-Russia tensions including drone incursions into Polish and Estonian airspace.

Has your flight been cancelled? You might be eligible for a cybersec session! - Konstantinos Fouzas