A cyber attack disrupts European airports, a Scattered Spider member turns himself in to US authorities, the Pentagon hires a new cyber policy leader, and two Russian APTs work together for the first time. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 22nd of September and this podcast episode is brought to you by SpecterOps, the experts in attack path management.

A cyber attack has disrupted multiple European airports. The attack this weekend brought down self-service check-in kiosks that are used to check in, drop luggage and print boarding passes. Hundreds of flights have been delayed or cancelled. Affected airports include London's Heathrow, Berlin's Brandenburg and Brussels Airport. The incident impacted vMUSE kiosks operated by Collins Aerospace. Disruptions are still ongoing. It's unclear who was behind the attack.

In other news, U.S. Immigration and Customs Enforcement has signed a $5 million contract with surveillance company Cobwebs. It provides tools to track activity on social media and the dark web. ICE also has active contracts with surveillance vendors Clearview AI, Paragon Solutions and Magnet Forensics.

The US Senate has named Katherine Sutton as the next Assistant Secretary of Defence for Cyber Policy. Sutton replaces Laurie Buckhout, the only other person to hold the role after it was created in March last year. The position is a civilian role that advises the Department of Defence on cyber policy.

The Pentagon wants to reduce its cybersecurity hiring window to 25 days. The department currently averages 670 days to hire new cyber employees. The acceleration in hiring efforts comes as the DoD says it's short almost 20,000 cyber professionals. A recent GAO report revealed that the Department of Defence's cyber workforce already totals more than 70,000 civilian and military staff.

CISA wants international partners to contribute to the CVE Vulnerability management program.
It didn't clarify what this would entail. CISA recently said it was looking to expand community partnerships for managing CVEs. The CVE database is run by the MITRE Corporation. CISA's funding lapsed briefly in April before being extended until March 2026.

The EU is moving to exclude US tech companies from the Union's new financial data sharing system. Under a German proposal, companies like Amazon, Apple, Google and Meta will be barred from accessing this shared data. The Financial Data Access Regulation Framework is designed to improve the sharing of data between financial entities. According to the Financial Times, US tech firms are unlikely to be successful in attempts to be granted access. The ban is part of the EU's new push for digital sovereignty.

The Chinese government has ordered local companies to stop buying Nvidia chips, according to the Financial Times. Companies were told to stop tests and cancel future orders. The move is part of Beijing's efforts to boost the local semiconductor sector and reduce dependence on US suppliers. Last month, Chinese officials accused the US of trying to sneak backdoors into Nvidia chips.

South Korea's second largest mobile operator has reported a recent security breach to authorities. Unknown individuals allegedly used two fake cell towers to collect data on more than 5,500 subscribers. Korea Telecom said attackers harvested IMSI and IMEI codes, as well as the phone numbers of nearby customers. KT discovered the breach after receiving reports of fraudulent micropayments from affected users.

Canadian authorities have seized the cryptocurrency platform TradeOgre. Authorities received a tip from Europol about the platform in 2024. TradeOgre allegedly failed to register with authorities or identify its users, which enabled money laundering. Officials say they seized $40 million and plan to investigate transaction data. This is the first time that Canadian authorities have dismantled a cryptocurrency exchange platform.
A member of the Scattered Spider hacking group has turned himself in to Las Vegas police. The teenage suspect was allegedly involved in hacking several Las Vegas casinos and hotels in 2023. He faces six felony charges.

Two Russian cyber espionage groups have been seen working together for the first time. Both groups operate under the Russian FSB intelligence service, but within different regions. Gamaredon operates from Crimea, while Turla from Moscow. Cybersecurity firm ESET has seen one group's malware drop or restart the other group's payloads. Researchers believe Gamaredon is now working as an initial access provider for more complex Turla operations.

An Iranian cyber espionage group is targeting employees of EU telcos and defence organisations with fake jobs on LinkedIn, according to security firm PRODAFT. One of the group's recent campaigns infected 34 devices across 11 organisations. PRODAFT linked the attacks to a group it tracks as Subtle Snail. The group has been active since at least 2022 and is believed to be part of the larger Charming Kitten operation.

Fortra has patched a critical vulnerability in its GoAnywhere file transfer application. The vulnerability allows threat actors with a forged license response signature to execute deserialization attacks and run malicious commands on remote systems, according to VulnCheck. The flaw is almost identical to the GoAnywhere bug exploited by ransomware and extortion gangs in 2023. Fortra has urged customers to take their admin console offline and patch. The vulnerability has a severity rating of 10.

And finally, LinkedIn will resume using the data of EU, Canadian and UK users to train its AI models. Late last year, the company halted using the data following pressure from EU privacy watchdogs. LinkedIn has updated its Terms of Service to state that data will be used from November 3rd. LinkedIn has been training its AI on US user data for almost a year.
Users can opt out from having their data used.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, SpecterOps. Find them at specterops.io. Thanks for your company.
Host: Claire Aird | Date: September 22, 2025
Podcast: Risky Bulletin by Risky.biz
This episode of Risky Bulletin delivers key developments in global cybersecurity over the preceding days, with a major focus on a cyberattack that crippled airport operations across Europe. Other news includes updates from US security agencies, new international cyber policy appointments, collaborative Russian APT activity, regulatory shifts from the EU and China, a significant cryptocurrency platform takedown, and more.
“A cyber attack has disrupted multiple European airports. The attack this weekend brought down self service check in kiosks…Hundreds of flights have been delayed or cancelled.”
(Claire Aird, 00:05)
“The Pentagon wants to reduce its cybersecurity hiring window to 25 days. The department currently averages 670 days to hire new cyber employees.”
(Claire Aird, 01:10)
“CISA wants international partners to contribute to the CVE Vulnerability management program. It didn't clarify what this would entail.”
(Claire Aird, 01:37)
“The ban is part of the EU's new push for digital sovereignty.”
(Claire Aird, 02:12)
“The move is part of Beijing's efforts to boost the local semiconductor sector and reduce dependence on US suppliers.”
(Claire Aird, 02:31)
“KT discovered the breach after receiving reports of fraudulent micropayments from affected users.”
(Claire Aird, 02:51)
“Officials say they seized $40 million and plan to investigate transaction data. This is the first time that Canadian authorities have dismantled a cryptocurrency exchange platform.”
(Claire Aird, 03:10)
“Gamaredon is now working as an initial access provider for more complex Turla operations.”
(Claire Aird, 04:01)
“An Iranian cyber espionage group is targeting employees of EU telcos and defence organisations with fake jobs on LinkedIn…”
(Claire Aird, 04:18)
“The flaw is almost identical to the GoAnywhere bug exploited by ransomware and extortion gangs in 2023. Fortra has urged customers to take their admin console offline and patch.”
(Claire Aird, 04:38)
“LinkedIn has updated its Terms of Service to state that data will be used from November 3rd.”
(Claire Aird, 04:54)
On the urgency of cyber workforce hiring:
“The Pentagon wants to reduce its cybersecurity hiring window to 25 days. The department currently averages 670 days to hire new cyber employees.”
(Claire Aird, 01:10)
On the significance of international cyber collaboration:
“CISA wants international partners to contribute to the CVE Vulnerability management program. It didn't clarify what this would entail.”
(Claire Aird, 01:37)
On EU’s digital sovereignty:
“The ban is part of the EU's new push for digital sovereignty.”
(Claire Aird, 02:12)
On historic crypto seizure in Canada:
“This is the first time that Canadian authorities have dismantled a cryptocurrency exchange platform.”
(Claire Aird, 03:12)
This Risky Bulletin episode spotlights the mounting complexity and global impact of cyber threats in 2025. From critical infrastructure outages and aggressive state activity to seminal arrests and regulatory changes—organizations and individuals alike face an escalating landscape of challenges demanding both local and cross-border responses.