Russian airline hack came through third-party tech vendor

• Aeroflot’s July outage was likely a supply‑chain attack via developer Bakka Soft
• Attackers exploited months‑old access, lacking 2FA, to deploy extensive malware and disrupt flights
• Damage reached tens of millions, though The Bell’s report remains unverified and politically sensitive

The cyberattack against Aeroflot, Russia’s flagship airline, was allegedly a supply-chain attack, as new reports claim it was done through an outside software developer that had access to the carrier’s IT network.

In late July this year, news broke of a cyber-incident at Aeroflot that disrupted the carrier’s operations and grounded dozens of flights. The Kremlin confirmed the attack, while two hacktivist groups - Silent Crow, and Cyberpartisans, claimed responsibility. The former is a Ukrainian group, while the latter - Belarusian.

Now, journalists from a local news outlet called The Bell claim the attack was done through Bakka Soft, a Moscow-based software development company that worked ...