Red Hot Cyber
Cyber Attack on European Airports: Everest Ransomware Claims Responsibility

Redazione RHC: 18 October 2025 18:53

On September 20, we reported on a cyberattack that paralyzed several European airports, including Brussels, Berlin, and London Heathrow. This was a supply chain attack that exploited the compromise of a third-party supplier, with cascading effects across the airports’ entire operational infrastructure.

In the last few hours, a new section dedicated to Collins Aerospace (RTX), one of the world’s leading suppliers in the aerospace and defense sector, has appeared on the official portal of the Everest Ransomware cyber gang, alongside a series of timers and announcements relating to the publication of confidential data.

The screenshots show references to “Databases over 50GB” and “FTP Access List,” with countdowns indicating the time remaining before the stolen materials are released to the public if payment is not made.

Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data. It is currently not possible to independently verify the authenticity of the information reported, as the organization involved has not yet released an official statement on its website. Therefore, this article should be considered for informational and intelligence purposes only.

According to information available so far, the attacks affected IT systems related to logistics management and airport security, causing delays and disruptions at several European airports. Analysts believe this is a deliberate extension of Everest’s campaign against the aerospace and defense sector, which the group has already targeted because of its strategic value and the sensitivity of the data it processes.

As usual, Everest is gradually publishing the exfiltrated data on its dark web portal. If the affected company doesn’t agree to pay the ransom, the group will begin releasing confidential documents, FTP credentials, database archives, and internal communications, making them publicly accessible.

This scheme aims to exert media and reputational pressure, forcing the victim to negotiate. Everest is a cybercriminal group active since 2020, known for conducting targeted ransomware attacks against high-profile companies, public entities, and critical infrastructure.

Their modus operandi follows the “double extortion” pattern: after compromising the victims’ computer networks, the malicious actors encrypt the data and threaten to publish it online if the ransom is not paid.

The incident once again highlights the vulnerability of European digital infrastructures and the ability of ransomware groups to hit high-impact operational targets.
Security experts emphasize the urgent need to strengthen cyber threat intelligence, network monitoring, and digital crisis management mechanisms to reduce response times in the event of large-scale attacks.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
