Obscura or HardBit ransomware behind cyber attacks on European Airports
Over the weekend, European airports were reportedly struck by a cyber-attack that has now escalated into a significant ransomware incident. The hackers reportedly encrypted critical data and exfiltrated sensitive information, a hallmark of the increasingly common double extortion attacks seen in recent years. This attack has sparked widespread speculation across both the media and tech forums, with some sources suggesting that two distinct hacker groups may have been involved in the attack, though investigations are still ongoing.
One of the most significant players in the aviation space, Collins Aerospace, which provides software solutions for check-in systems and baggage scheduling at airports, confirmed the incident through a press release. The company stated that it is actively working on a detailed update regarding the ransomware attack, but it will require more time to fully assess and disclose the extent of the damage. The disruption caused by this attack has been considerable, affecting multiple airports across Europe, but further details remain unclear.
In the meantime, some media outlets, referencing tech discussions on various forums, have raised the possibility that HardBit ransomware, which first emerged in October 2022, could be behind this attack. Speculation suggests that the group might be negotiating with the affected organizations, leveraging their cyber insurance claims in exchange for a lower ransom demand.
HardBit’s tactics are unique in the ransomware world, as the group reportedly tailors ransom demands based on the victim’s cyber insurance policy. If the target lacks sufficient insurance coverage, the group demands a staggering ransom—typically $100,000 or 30% of the company’s total asset value. This innovative (and highly profitable) approach has made HardBit one of the most feared actors in the ransomware space, even though they lack a public data leak forum like other ransomware gangs.
Adding another layer of complexity to the case, some sources on Telegram have pointed to a different possibility: the ransomware attack on the airports might have been orchestrated by the group known as Obscura, which has gained notoriety in the cybersecurity community. The security firm Huntress has publicly endorsed this theory, though it has not been fully substantiated. As of now, investigators are still piecing together the puzzle, and authorities are focusing on narrowing down the group or groups responsible for the disruption.
Co-Op Retailer Faces £206 Million Loss Due to Cyber-Attack
In a related development, Co-Op, a prominent UK-based retailer, has disclosed that it will incur a financial loss of £206 million due to a cyber-attack that took place earlier this year. The attack, which occurred in April 2025, was attributed to the Scattered Spider hacker group, notorious for its sophisticated operations and use of the DragonForce ransomware.
The attack impacted not only Co-Op but also Marks & Spencer and Harrods, with Scattered Spider successfully infiltrating their networks. Following these attacks, the group reportedly formed an alliance with other well-known hacking groups like Shiny Hunters and Lapsus, resulting in the formation of a new collective called Scattered Lapsus Hunters. This collaboration briefly launched a series of attacks on several other organizations over the course of a few weeks.
However, this partnership seems to have collapsed as quickly as it formed. Reports suggest that the group disbanded due to mounting pressure from law enforcement and concerns over legal consequences. As a result, the hackers decided to shut down their malware distribution business, which marked the end of the Scattered Lapsus Hunters operation. Despite this, the financial damage inflicted on Co-Op is significant, and the retailer has warned that the loss will likely impact its profits in the coming year.
The DragonForce ransomware, which was used in the Co-Op attack, has been particularly destructive, enabling the hackers to steal data and encrypt vital files, severely disrupting operations. In the wake of the attack, Co-Op is working closely with cybersecurity experts and law enforcement to mitigate the damage and prevent future incidents. However, the financial ramifications of this breach are likely to be felt for years to come.
Join our LinkedIn group Information Security Community!
