Airlines, Airports Face 600% Rise in Cyberattacks Worldwide

Cyberattacks targeting the global aviation supply chain  have surged by 600% over the past year, according to a report by defense and cybersecurity firm Thales. The study, “Cyberthreats on the Aviation Sector,” was unveiled at the 2025 Paris Air Show and is based on intelligence and incident reports from January 2024 to April 2025.

Thales  documented 27 ransomware attacks during this period, involving 22 distinct groups. These attacks disrupted various supply chain components, including airlines, airports, air traffic management systems, and aircraft manufacturers.

“From airlines and airports to navigation systems and suppliers, every link in the chain is vulnerable to attacks,” said Ivan Fontarensky, Chief Technology Officer for Cyber Detection and Response, Thales.

The report highlights financial gain, ideological motives, and state-sponsored operations as key drivers of these cyberattacks. The United States was the hardest-hit nation, accounting for over one-third of reported ransomware incidents in the sector.

The report projects that the global aviation cybersecurity market will grow from US$5.32 billion in 2025 to US$7.44 billion by 2029, with an annual growth rate of 8.7%. This growth is attributed to the increasing digitalization of aviation systems and the corresponding rise in cyber threats.

Although ransomware attacks declined from 30 in 2023 to 19 in 2024, eight new incidents were reported in the first four months of 2025, signaling a renewed upward trend.

Notable Cyber Incidents

Recent high-profile cyberattacks include:

• August 2024: A Rhysida ransomware attack on Seattle-Tacoma International Airport forced critical systems offline.
   

• October 2024: RansomHub breached Grupo Aeroportuario Centro Norte (OMA) in Mexico, threatening to leak 3 terabytes of stolen data.
   

• March 2025: A cyberattack on Kuala Lumpur International Airport disrupted operations, forcing staff to use whiteboards for flight updates.
   

State-backed groups have increased their focus on aviation networks. For instance:

• Russia’s APT28 infiltrated Germany’s air traffic control agency (DFS) in September 2024.
   

• Other prominent actors include China’s APT41, Iran’s TA455, and North Korea’s Lazarus Group, which continue targeting aviation for strategic intelligence.
   

Hacktivist groups have also resurfaced. Pro-Russian collectives launched distributed denial-of-service (DDoS) attacks on airports in France and Italy, using cyberattacks as tools for political protest and disruption.

“The aviation industry has become a digital battlefield with major economic and geopolitical interests at stake. The sharp rise in attacks demands a holistic approach to aviation cybersecurity, stronger AI integration, and closer collaboration between the industry and public sector,” Fontarensky emphasized.