Cyber Incident Victim: Favt
Date:
Mar 2022
Location:
Russia
Summary
A Russian federal aviation regulatory agency experienced a severe cyberattack causing extensive system disruptions, including the collapse of its network and the erasure of approximately 65TB of data. The incident led to the loss of over a year's worth of emails, forced a switch to paper-based operations due to electronic system failures, and rendered its primary website inaccessible. With no functional backups available for recovery, the organization worked with law enforcement and security services to investigate while partially restoring email access and anticipating full data storage recovery. Social media channels remained operational despite the outage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 26, 2022, the Russian Federal Air Transport Agency (Rosaviatsiya), responsible for civil aviation oversight, suffered a major cyberattack that disrupted its digital operations. The attack caused the collapse of the agency's entire network infrastructure, resulting in the erasure of approximately 65 terabytes of data including documents, mail, and files. Telegram channel Aviatorshina reported the attack led to the loss of 1.5 years' worth of email communications, with no available backups for system restoration. By March 28, Rosaviatsiya's official website (favt.ru) became inaccessible and remained offline. The agency publicly acknowledged technical failures in its electronic document management system and internet access disruptions, forcing an immediate transition to paper-based operations as confirmed in an official statement signed by agency head Alexander Neradko. Russia's prosecutor's office and Federal Security Service (FSB) initiated investigative and recovery efforts at Rosaviatsiya's facilities starting March 26. Independent sources cited by Kommersant newspaper corroborated that the outages stemmed from a cyberattack rather than technical malfunctions.
The incident caused significant operational disruption to Rosaviatsiya's core aviation oversight functions, necessitating manual processing of documents typically handled through electronic systems. Data destruction impacted critical agency records including recent correspondence and administrative files, with recovery efforts complicated by the absence of functional backups. Despite these challenges, Rosaviatsiya maintained limited public communications through its social media channels on Telegram and VK, continuing to post updates and references to its nonfunctional website. By March 30, partial restoration progress enabled tentative email service access, though full recovery of data storage systems remained ongoing. The scale of data loss—equivalent to 65TB—represented one of the largest publicly disclosed cyber incidents affecting Russian government infrastructure at the time, with operational consequences requiring sustained manual workarounds during recovery. No attribution claims or specific attack vectors were formally identified in available reports.