Data Extortion Groups Intensify Pressure On Global Aerospace Supply Chains
Essential information
- Published
- 06/05/2026 10:26
- Modified
- 07/05/2026 08:42
- Tags
- 2026-05-06 aerospace apt aviation critical-infrastructure data extortion espionage lockbit ransomware remus supply chain attacks
- Related entities
- 2 observables, 1 intrusion sets (apt), 20 techniques (mitre), 2 malware, 3 others
Description
Cyber threats targeting the global aviation and aerospace sector are rapidly evolving, with ransomware, identity-based intrusions, and platform-level disruptions becoming dominant attack vectors. The interconnected nature of this ecosystem, combined with time-sensitive operations and complex third-party dependencies, makes it highly attractive to threat actors. Shared airport IT platforms represent critical single points of failure, as demonstrated by the September 2025 ransomware attack on Collins Aerospace MUSE system that disrupted major European airports including Heathrow, Brussels, Berlin, and Dublin. Major ransomware groups like LockBit and Cl0p maintain heavy focus on aviation suppliers, while advanced persistent threat groups including Refined Kitten, Wicked Panda, and Fancy Bear conduct strategic espionage targeting intellectual property, aircraft design data, and military aviation intelligence. Emerging threats include vulnerabilities in regional airports, aviation SaaS platforms, and satellite ...