Cyber Incident Victim: Swissport International
Date:
Feb 2022
Location:
Switzerland
Summary
A ransomware attack targeted Swissport International, disrupting IT infrastructure and causing flight delays at client airports. The aviation services provider, which handles critical operations like cargo and passenger processing, contained the incident and worked to restore systems while maintaining partial ground services without IT support. Service disruptions led to minor delays for multiple flights, though operations continued with manual workarounds. No ransomware group claimed responsibility, and data theft remained unconfirmed. The incident occurred amid a series of cyberattacks affecting European logistics and energy sectors, highlighting ongoing ransomware threats despite recent law enforcement actions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 3, 2022, Swissport International experienced a ransomware attack targeting its IT infrastructure, first detected at approximately 6:00 AM local time. The Switzerland-based aviation services provider, which supports cargo handling, security, maintenance, cleaning, and lounge hospitality operations across 310 airports in 50 countries, confirmed the incident via a social media statement later that day. The company reported the attack had been "largely contained" and that restoration efforts were underway to normalize services affecting its annual handling capacity of 282 million passengers and 4.8 million tons of cargo. Zurich Airport, one of Swissport’s clients, publicly attributed flight delays to the incident, though Swissport clarified that manual ground services for airlines could continue without IT systems despite operational inefficiencies. Immediate containment measures prevented widespread system failures, though the company’s website remained inaccessible following the attack, indicating persistent technical remediation efforts.
The attack resulted in confirmed disruptions to 22 flights at Zurich Airport on February 3, with delays ranging between three and twenty minutes. Swissport acknowledged the incident’s impact on service delivery in its public communications but did not disclose specific operational metrics beyond confirming inevitable delays in "some cases." No ransomware group claimed responsibility for the attack as of February 4, and Swissport provided no details regarding data exfiltration or encryption scope. The incident occurred amid a series of ransomware attacks against European critical infrastructure, including the February 1 Oiltanking breach that disrupted German fuel distribution and a contemporaneous cyberattack affecting Belgian oil terminals. Swissport’s restoration timeline and technical recovery methods were not detailed in available disclosures, though the company emphasized active resolution efforts without external collaboration specifics. Aviation dependencies on Swissport’s services highlighted the attack’s potential sector-wide implications despite limited immediate flight disruptions.