- Aeroflot’s July outage was likely a supply chain attack via developer Bakka Soft
- Attackers exploited months-old access that lacked 2FA to deploy extensive malware and disrupt flights
- Damages reached tens of millions, though The Bell’s report remains unconfirmed and politically sensitive
The cyber attack against Aeroflot, Russia’s flagship airline, was allegedly a supply chain attack as new reports claim it was carried out through an external software developer who had access to the carrier’s IT network.
At the end of July this year, news broke of a cyber incident at Aeroflot that disrupted the airline’s operations and grounded dozens of flights. The Kremlin confirmed the attack, while two hacktivist groups – Silent Crow and Cyber Partisans – claimed responsibility. The former is a Ukrainian group, while the latter is Belarusian.
Now, reporters from a local news outlet called The Bell claim the attack was carried out through Bakka Soft, a Moscow-based software development company that worked on Aeroflot’s iOS apps and quality management systems. The publication cited two people familiar with the investigation as well as people close to the company.
Millions in damages
There had reportedly been “suspicious activity” on Aeroflot’s IT infrastructure in January, about six months before the attack, but the airline did not tighten its security.
Six months later, the attackers moved in through the same vulnerability and installed two dozen malware tools. Although rather vague, the report claims that the company did not have two-factor authentication (2FA) and kept access to Aeroflot’s infrastructure, which allowed the attackers to establish persistence.
Bakka Soft never confirmed that its systems were breached, and the hacktivists did not want to reveal how they broke in.
The incident resulted in more than a hundred flight departures, tens of thousands of passengers stranded, and losses from flight cancellations of at least $3.3 million. The total damage from the attack was likely “tens of millions of dollars”.
The Bell’s report cannot be independently verified at this time. It is worth pointing out that the publication was founded in 2017 by Russian journalists (according to The Record) and that it was designated by the Russian government as a “foreign agent”.
In Russia, being labeled a “foreign agent” means the government claims an organization receives money from abroad and is involved in “political activity.” In practice, it is a stigma: the group must mark all publications with a warning, file extra reports, face frequent inspections and risk large fines. It is mainly used to pressure NGOs, media and activists that the state considers undesirable.
Via The Record



