Russian airline hack came through third-party tech vendor
Date:
Thu, 11 Dec 2025 18:50:00 +0000
Description:
Local journalists are investigating last summer's breach allegedly done by Ukrainian and Belarusian hacktivists.
FULL STORY ======================================================================
Aeroflot's July outage was likely a supply-chain attack via developer Bakka Soft
Attackers exploited months-old access, lacking 2FA, to deploy extensive malware and disrupt flights
Damage reached tens of millions, though The Bell's report remains unverified and politically sensitive
The cyberattack against Aeroflot, Russia's flagship airline, was allegedly a supply-chain attack, as new reports claim it was done through an outside software developer that had access to the carrier's IT network.
In late July this year, news broke of a cyber-incident at Aeroflot that disrupted the carrier's operations and grounded dozens of flights. The Kremlin confirmed the attack, while two hacktivist groups, Silent Crow and Cyberpartisans, claimed responsibility. The former is a Ukrainian group, while the latter is Belarusian.
Now, journalists from a local news outlet called The Bell claim the attack was done through Bakka Soft, a Moscow-based software development company that worked on Aeroflot's iOS apps and quality management systems. The publication cited two people familiar with the investigation as well as those close to the company.
Millions in damages
Allegedly, there had been suspicious activity on Aeroflot's IT infrastructure in January, roughly half a year before the attack, but the carrier did not tighten up on its security.
Six months later, the attackers moved in through the same vulnerability and installed two dozen malware tools. Although the report is rather vague, it claims that the company did not have two-factor authentication (2FA) and kept access to Aeroflot's infrastructure, allowing the attackers to establish persistence.
Bakka Soft never confirmed its systems were breached, and the hacktivists did not want to disclose how they broke in.
The incident resulted in more than a hundred grounded flights, tens of thousands of passengers stranded, and losses from flight cancellations amounting to at least $3.3 million. The total damage from the attack was likely tens of millions of dollars.
The Bell's report cannot be independently verified at this time. It's worth pointing out that the publication was founded in 2017 by Russian journalists (according to The Record), and that it was designated by the Russian government as a foreign agent.
In Russia, being labeled a foreign agent means the government claims an organization receives money from abroad and is involved in political activity. In practice, it's a stigma: the group must mark all publications with a warning, file extra reports, face frequent inspections, and risk heavy fines. It's mainly used to pressure NGOs, media outlets, and activists the state considers undesirable.
Via The Record
======================================================================
Link to news story:
https://www.techradar.com/pro/security/russian-airline-hack-came-through-third-party-tech-vendor
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)