Russian airline hack came through third-party tech vendor | Daily Reports Online
- Aeroflot’s July outage was likely a supply‑chain attack via developer Bakka Soft
- Attackers exploited months‑old access, lacking 2FA, to deploy extensive malware and disrupt flights
- Damage reached tens of millions, though The Bell’s report remains unverified and politically sensitive
The cyberattack against Aeroflot, Russia’s flagship airline, was allegedly a supply-chain attack, as new reports claim it was done through an outside software developer that had access to the carrier’s IT network.
In late July this year, news broke of a cyber-incident at Aeroflot that disrupted the carrier’s operations and grounded dozens of flights. The Kremlin confirmed the attack, while two hacktivist groups – Silent Crow, and Cyberpartisans, claimed responsibility. The former is a Ukrainian group, while the latter – Belarusian.
Now, journalists from a local news outlet called The Bell claim the attack was done through Bakka Soft, a Moscow-based software development company that worked on Aeroflot’s iOS apps and quality management systems. The publication cited two people familiar with the investigation as well as those close to the company.
Millions in damages
Allegedly, there had been “suspicious activity” on Aeroflot’s IT infrastructure in January, roughly half a year before the attack, but the carrier did not tighten up on its security.
Six months later, the attackers moved in through the same vulnerability and installed two dozen malware tools. Although it’s rather vague, but the report claims that the company did not have two-factor authentication (2FA), and kept access to Aeroflot’s infrastructure, allowing the attackers to establish persistence.
Bakka Soft never confirmed its systems were breached, and the hacktivists did not want to disclose how they broke in.
The incident resulted in more than a hundred grounded flights, tens of thousands of passengers stranded, and losses from flight cancellations amounting to at least $3.3 million. The total damage from the attack was likely “tens of millions of dollars”.
The Bell’s report cannot be independently verified at this time. It’s worth pointing out that the publication was founded in 2017 by Russian journalists (according to The Record), and that it was designated by the Russian government as a “foreign agent”.
In Russia, being labeled a “foreign agent” means the government claims an organization receives money from abroad and is involved in “political activity.” In practice, it’s a stigma: the group must mark all publications with a warning, file extra reports, face frequent inspections, and risk heavy fines. It’s mainly used to pressure NGOs, media outlets, and activists the state considers undesirable.
Via The Record
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
