- Aeroflot’s July outage was likely a supply chain attack via developer Bakka Soft
- Attackers took advantage of months-old access, without 2FA, to deploy extensive malware and disrupt flights
- Damage reached tens of millions, although The Bell’s report remains unverified and politically sensitive.
The cyberattack against Aeroflot, Russia’s flagship airline, was allegedly a supply chain attack: new reports claim it was carried out through a third-party software developer that had access to the airline’s computer network.
At the end of July this year, news emerged of a cyber incident at Aeroflot that disrupted the airline’s operations and grounded dozens of flights. The Kremlin confirmed the attack, while two hacktivist groups, Silent Crow and Cyberpartisans, claimed responsibility. The first is a Ukrainian group, the second is Belarusian.
Now, journalists from a local media outlet called The Bell claim that the attack was carried out through Bakka Soft, a Moscow-based software development company that worked on Aeroflot’s iOS applications and quality management systems. The publication cited two people familiar with the investigation, as well as people close to the company.
Millions in damages
There was allegedly “suspicious activity” on Aeroflot’s IT infrastructure in January, about half a year before the attack, but the airline did not beef up its security.
Six months later, attackers exploited the same vulnerability and installed two dozen malware tools. The report is vague on details, but it claims that the company did not have two-factor authentication (2FA) and maintained access to Aeroflot’s infrastructure, allowing attackers to establish persistence.
Bakka Soft never confirmed that its systems had been compromised and the hacktivists did not want to reveal how they got in.
The incident led to the suspension of more than one hundred flights, left tens of thousands of passengers stranded and caused losses from flight cancellations that amounted to at least $3.3 million. The total damage from the attack was likely “tens of millions of dollars.”
The Bell’s report cannot be independently verified at this time. It should be noted that the publication was founded in 2017 by Russian journalists (according to The Record), and that it was designated by the Russian government as a “foreign agent.”
In Russia, being labeled a “foreign agent” means the government claims that an organization receives money from abroad and is involved in “political activity.” In practice, it’s a stigma: the group must mark all posts with a warning, file additional reports, face frequent inspections and risk heavy fines. It is mainly used to pressure NGOs, media and activists that the state considers undesirable.
Via The Record




