- Aeroflot’s July outage was likely a supply chain attack via developer Bakka Soft.
- Attackers exploited months-old access, lacking 2FA, to deploy numerous pieces of malware and disrupt flights.
- Damages reached tens of millions, although The Bell’s report remains unverified and politically sensitive.
The cyberattack on Aeroflot, Russia’s flagship airline, is believed to have been a supply chain attack, as new reports claim it was carried out through an external software developer with access to the carrier’s computer network.
In late July this year, news broke of a cyber incident at Aeroflot, disrupting the carrier’s operations and grounding dozens of flights. The Kremlin confirmed the attack, while two hacktivist groups, Silent Crow and Cyberpartisans, claimed responsibility. The first is a Ukrainian group, while the second is Belarusian.
Today, journalists from a local media outlet called The Bell claim that the attack was carried out through Bakka Soft, a Moscow-based software development company that worked on Aeroflot’s iOS apps and quality management systems. The publication cites two people close to the investigation as well as people close to the company.
Millions in damages
There was reportedly “suspicious activity” on Aeroflot’s IT infrastructure in January, around six months before the attack, but the carrier failed to beef up its security.
Six months later, attackers exploited the same vulnerability and installed two dozen malicious tools. Although it is rather vague on details, the report claims that the company lacked two-factor authentication (2FA) and retained access to Aeroflot’s infrastructure, allowing attackers to establish persistence.
Bakka Soft has never confirmed that its systems had been hacked, and the hacktivists have been unwilling to reveal how they got in.
The incident resulted in the grounding of more than a hundred flights, tens of thousands of stranded passengers, and losses due to flight cancellations amounting to at least $3.3 million. The total damage caused by the attack would likely be “tens of millions of dollars.”
The Bell’s report cannot be independently verified at this time. It’s worth pointing out that the publication was founded in 2017 by Russian journalists (according to The Record) and was designated by the Russian government as a “foreign agent.”
In Russia, being called a “foreign agent” means the government claims an organization receives money from abroad and is involved in “political activities.” In practice, it’s a stigma: the group must mark all its posts with a warning, file additional reports, face frequent inspections and risk heavy fines. It is mainly used to put pressure on NGOs, media and activists that the state considers undesirable.
Via The Record




