Russian airline hack came through third-party tech vendor

2025-12-11 18:50
Local journalists are investigating last summer's breach, allegedly carried out by Ukrainian and Belarusian hacktivists.

By Sead Fadilpašić, published 11 December 2025

  • Aeroflot’s July outage was likely a supply‑chain attack via developer Bakka Soft
  • Attackers exploited months‑old access, lacking 2FA, to deploy extensive malware and disrupt flights
  • Damage reached tens of millions, though The Bell’s report remains unverified and politically sensitive

The cyberattack against Aeroflot, Russia’s flagship airline, was allegedly a supply-chain attack: new reports claim it was carried out through an outside software developer that had access to the carrier’s IT network.

In late July this year, news broke of a cyber-incident at Aeroflot that disrupted the carrier’s operations and grounded dozens of flights. The Kremlin confirmed the attack, while two hacktivist groups, Silent Crow and Cyberpartisans, claimed responsibility. The former is a Ukrainian group, the latter Belarusian.

Now, journalists from a local news outlet called The Bell claim the attack was carried out through Bakka Soft, a Moscow-based software development company that worked on Aeroflot’s iOS apps and quality management systems. The publication cited two people familiar with the investigation as well as those close to the company.

Millions in damages

Allegedly, there had been “suspicious activity” on Aeroflot’s IT infrastructure in January, roughly half a year before the attack, but the carrier did not tighten its security.

Six months later, the attackers moved in through the same vulnerability and installed two dozen malware tools. Although it is rather vague, the report claims that the company did not have two-factor authentication (2FA) and kept access to Aeroflot’s infrastructure, allowing the attackers to establish persistence.

Bakka Soft never confirmed its systems were breached, and the hacktivists did not want to disclose how they broke in.

The incident resulted in more than a hundred grounded flights, tens of thousands of passengers stranded, and losses from flight cancellations amounting to at least $3.3 million. The total damage from the attack was likely “tens of millions of dollars”.

The Bell’s report cannot be independently verified at this time. It’s worth pointing out that the publication was founded in 2017 by Russian journalists (according to The Record), and that it was designated by the Russian government as a “foreign agent”.

In Russia, being labeled a “foreign agent” means the government claims an organization receives money from abroad and is involved in “political activity.” In practice, it’s a stigma: the group must mark all publications with a warning, file extra reports, face frequent inspections, and risk heavy fines. It’s mainly used to pressure NGOs, media outlets, and activists the state considers undesirable.

Via The Record
