Cyber Incident Victim: Федеральное агентство воздушного транспорта
Date:
Mar 2022
Location:
Russia
Summary
A powerful cyber attack targeted Russia's civil aviation authority, erasing approximately 65 terabytes of data including aircraft registrations, documents, emails, and server contents, while also disabling its official website. The agency transitioned to paper-based operations and alternative communication channels due to the destruction of its electronic systems, with authorities investigating potential backups reportedly nonexistent due to funding shortages. While officials attributed the disruption to internet access issues and contractor failures—specifically naming infrastructure operator InfAvia—the incident was linked by the agency to a presumed hacking group, which publicly denied involvement to avoid endangering civilians. Prosecutorial and security services initiated investigations into the contractor's performance amid allegations of inadequate IT maintenance.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 25, 2022, a cyberattack targeted the Russian Federal Air Transport Agency (Rosaviatsia), erasing approximately 65 terabytes of data from its servers. The attack, detected by Saturday morning, destroyed critical operational records including aircraft registration databases, internal documents, emails, and electronic files. By Monday, March 26, Rosaviatsia’s official website (favt.ru) became inaccessible, signaling broader infrastructure disruption. Russian authorities did not formally acknowledge the cyberattack, instead attributing operational failures to a temporary internet outage and malfunctions within the agency’s electronic document management system. This forced Rosaviatsia to revert to manual processes, relying on postal mail and the Aeronautical Fixed Telecommunication Network (AFTN) for urgent communications. The scale of data loss left the agency unable to access essential aviation records, grounding critical administrative functions.
Investigations revealed systemic vulnerabilities tied to Rosaviatsia’s IT contractor, LLC InfAvia, which was accused of failing to meet contractual obligations for infrastructure maintenance. Prosecutors and the Federal Security Service (FSB) initiated an on-site inquiry at Rosaviatsia’s facilities starting Saturday. Efforts to restore operations were hampered by the absence of functional backups; reports indicated Russia’s Ministry of Finance had not allocated funds for backup systems, leaving no recovery options. Rosaviatsia publicly implicated its contractor for enabling the attack’s success and suggested involvement by the Anonymous hacking collective. Anonymous denied responsibility, asserting they avoid operations endangering civilian safety. The incident exposed severe gaps in Russia’s aviation data resilience, with no immediate path to recover the erased datasets or fully restore digital operations.