Risky Bulletin: Cyberattack Disrupts Airports Across Europe
Host: Claire Aird | Date: September 22, 2025
Podcast: Risky Bulletin by Risky.biz
Episode Overview
This episode of Risky Bulletin delivers key developments in global cybersecurity over the preceding days, with a major focus on a cyberattack that crippled airport operations across Europe. Other news includes updates from US security agencies, new international cyber policy appointments, collaborative Russian APT activity, regulatory shifts from the EU and China, a significant cryptocurrency platform takedown, and more.
Key Discussion Points & Insights
1. Major Cyberattack Hits European Airports
- Incident: Airports in London (Heathrow), Berlin (Brandenburg), and Brussels experienced service disruptions after a cyberattack targeted Collins Aerospace's VMU self-service check-in kiosks.
- Impact: Hundreds of flight delays/cancellations. Systems for checking in, baggage drops, and boarding pass printing were affected. Disruptions are still ongoing.
- Attribution: No information yet on the responsible party.
- Memorable quote:
“A cyber attack has disrupted multiple European airports. The attack this weekend brought down self service check in kiosks…Hundreds of flights have been delayed or cancelled.”
(Claire Aird, 00:05)
2. US Surveillance Contract & Cyber Policy Appointments
- ICE Contract: US Immigration and Customs Enforcement signed a $5M contract with Cobwebs for monitoring social media and the dark web. ICE also has other active contracts with surveillance firms such as Clearview AI and Magnet Forensics.
- Pentagon Appointment: Katherine Sutton selected as Assistant Secretary of Defence for Cyber Policy, replacing Laurie Buckhout.
- Sutton advises on cyber policy in a role created in March 2024.
- Cybersecurity Hiring Crisis: The DoD aims to reduce cyber hiring time from an average of 670 days to 25; claims a current shortfall of ~20,000 cyber professionals, despite a workforce exceeding 70,000.
- Quote:
“The Pentagon wants to reduce its cybersecurity hiring window to 25 days. The department currently averages 670 days to hire new cyber employees.”
(Claire Aird, 01:10)
3. CISA & International Vulnerability Management
- CISA Outreach: Urging international contribution for the CVE vulnerability program (no specifics given). The CVE database is maintained by MITRE.
- Funding Update: CISA's funding extended to March 2026 after a brief lapse in April.
- Quote:
“CISA wants international partners to contribute to the CVE Vulnerability management program. It didn't clarify what this would entail.”
(Claire Aird, 01:37)
4. EU Push for Digital Sovereignty
- New Regulations: Under a German-led proposal, US tech giants (Amazon, Apple, Google, Meta) may be excluded from the EU’s soon-to-launch shared financial data system—the Financial Data Access Regulation Framework.
- Goal: Enhance intra-EU data sharing and limit outside access amid digital sovereignty concerns.
- Quote:
“The ban is part of the EU's new push for digital sovereignty.”
(Claire Aird, 02:12)
5. China’s Ban on Nvidia Chips
- Details: Chinese government orders halt to purchases, tests, and future orders of Nvidia chips in a clear move against US tech dependence.
- Backdrop: Recent accusations by Chinese authorities that the US sought to embed backdoors in Nvidia hardware.
- Quote:
“The move is part of Beijing's efforts to boost the local semiconductor sector and reduce dependence on US suppliers.”
(Claire Aird, 02:31)
6. South Korean Telecom Data Breach
- Attack: Korea Telecom (KT) reports attackers used two fake cell towers to steal data (IMSI, IMEI codes, phone numbers) from over 5,500 subscribers.
- Discovery: Triggered by fraudulent micropayment complaints.
- Quote:
“KT discovered the breach after receiving reports of fraudulent micropayments from affected users.”
(Claire Aird, 02:51)
7. Canadian Authorities Seize TradeOgre Crypto Platform
- Actions: Following a Europol tip, Canadian law enforcement seized the unregistered crypto exchange and $40 million in assets.
- Significance: First takedown of a cryptocurrency exchange in Canada.
- Quote:
“Officials say they seized $40 million and plan to investigate transaction data. This is the first time that Canadian authorities have dismantled a cryptocurrency exchange platform.”
(Claire Aird, 03:10)
8. Scattered Spider Hacker Surrenders
- Details: Alleged teenage member involved in high-profile casino/hotel hacks in Las Vegas (2023) turned himself in, faces six felony charges.
9. Unprecedented Russian APT Collaboration
- Background: ESET observed two FSB-aligned hacking groups (Gamaredon from Crimea and Turla from Moscow) coordinating attacks.
- Tactic: One group’s malware delivered or restarted the other's payloads.
- Analysis: Gamaredon now believed to be an “initial access provider” for Turla.
- Quote:
“Gamaredon is now working as an initial access provider for more complex Turla operations.”
(Claire Aird, 04:01)
10. Iranian Espionage via LinkedIn
- Incident: The group ‘Subtle Snail’ (part of Charming Kitten) targets EU telco and defense employees with fake job offers on LinkedIn.
- 34 devices across 11 organizations compromised.
- Quote:
“An Iranian cyber espionage group is targeting employees of EU telcos and defence organisations with fake jobs on LinkedIn…”
(Claire Aird, 04:18)
11. Critical Fortra Vulnerability Fixed
- Details: Fortra patched a zero-day in GoAnywhere MFT that allowed attackers to exploit deserialization to remotely execute code.
- Vulnerability nearly identical to a previously exploited flaw in 2023.
- Severity: 10/10.
- Advice: Fortra urges immediate admin console lockdowns and patching.
- Quote:
“The flaw is almost identical to the GoAnywhere bug exploited by ransomware and extortion gangs in 2023. Fortra has urged customers to take their admin console offline and patch.”
(Claire Aird, 04:38)
12. LinkedIn to Resume Using EU, UK, and Canadian Data for AI
- Change: Terms of Service now state user data will be used for AI training from November 3rd; users may opt out.
- Previous Pause: Data use had stopped following pressure from EU privacy regulators in late 2024.
- Quote:
“LinkedIn has updated its Terms of Service to state that data will be used from November 3rd.”
(Claire Aird, 04:54)
Notable Quotes & Memorable Moments
- On the urgency of cyber workforce hiring:
“The Pentagon wants to reduce its cybersecurity hiring window to 25 days. The department currently averages 670 days to hire new cyber employees.”
(Claire Aird, 01:10)
- On the significance of international cyber collaboration:
“CISA wants international partners to contribute to the CVE Vulnerability management program. It didn't clarify what this would entail.”
(Claire Aird, 01:37)
- On EU’s digital sovereignty:
“The ban is part of the EU's new push for digital sovereignty.”
(Claire Aird, 02:12)
- On historic crypto seizure in Canada:
“This is the first time that Canadian authorities have dismantled a cryptocurrency exchange platform.”
(Claire Aird, 03:12)
Timestamps for Key Segments
- 00:04 — Headline overview & airport attack details
- 00:50 — ICE contracts with Cobwebs and other surveillance vendors
- 01:00 — Pentagon’s new cyber appointment and workforce efforts
- 01:37 — CISA's international call for CVE program involvement
- 02:12 — EU limits US tech access to financial data sharing
- 02:31 — China bans Nvidia chips
- 02:51 — South Korean telecom breach via rogue cell towers
- 03:10 — Canadian TradeOgre crypto platform takedown
- 03:20 — Scattered Spider hacker surrenders
- 04:01 — Russian APTs Gamaredon and Turla coordinate
- 04:18 — Iranian ‘Subtle Snail’ LinkedIn campaign
- 04:38 — Fortra GoAnywhere critical flaw patched
- 04:54 — LinkedIn resumes AI data use in EU, UK, Canada
Conclusion
This Risky Bulletin episode spotlights the mounting complexity and global impact of cyber threats in 2025. From critical infrastructure outages and aggressive state activity to seminal arrests and regulatory changes—organizations and individuals alike face an escalating landscape of challenges demanding both local and cross-border responses.
