Collins Aerospace
-
Mandiant ties UNC1549 to long-running campaign using TWOSTROKE and DEEPROOT against aerospace and defence
Google-owned Mandiant linked a cluster it tracks as UNC1549 to a campaign from late 2023 through 2025 in which suspected Iranian espionage actors used backdoors including TWOSTROKE and DEEPROOT to target aerospace, aviation and defence organisations by exploiting third-party credentials, VDI breakouts and targeted phishing.
-
Iranian-linked hackers expand European operations with fake job portals and new malware, researchers say
Security researchers say Iranian government-backed attackers are targeting Western Europe with fake job portals and new Minibike malware, including MiniJunk and MiniBrowse, delivered through a multi-stage DLL sideloading chain. The operation focuses on Denmark, Portugal, and Sweden and appears linked to broader Iran-aligned threat activity.
-
Cyberattacks and fiber outages disrupt global aviation as European and U.S. delays mount
Technology outages in Europe and the United States disrupted air travel over the weekend, as Collins Aerospace’s ARINC cMUSE system suffered a cyberattack affecting check-in and baggage processing in Brussels, and a fiber-optic outage at Dallas/Fort Worth interfered with U.S. air‑traffic control operations, triggering hundreds of cancellations and delays.
