Favt

Favt operates as a Russian federal aviation regulatory agency, overseeing critical aspects of civil aviation operations and compliance within its jurisdiction. The organization's core responsibilities include establishing and enforcing aviation safety standards, managing air traffic control systems, and ensuring regulatory adherence across airlines and related entities. Its operational scope encompasses both domestic and international flight coordination, reflecting its role in maintaining Russia's aviation infrastructure. The agency's digital systems are integral to these functions, handling flight data, communications, and regulatory documentation essential for daily aviation activities.

A severe March 2022 cyberattack demonstrated Favt's systemic importance when adversaries collapsed its network infrastructure and erased approximately 65 terabytes of operational data. This incident forced an emergency transition to paper-based processes across multiple divisions, severely disrupting standard regulatory workflows and communications. The data loss included over a year's worth of organizational emails and rendered primary digital services inoperable, including its official website. With no functional backups available for recovery, the breach exposed critical vulnerabilities in the agency's data resilience strategies and contingency planning. Favt's collaboration with law enforcement and security services highlighted the incident's severity and the organization's reliance on external partners for forensic investigations.

Despite catastrophic system failures, the agency maintained limited public communications through operational social media channels during the outage. Recovery efforts focused on partially restoring email functionality while working toward reconstructing destroyed data storage systems. The scale of data loss—equivalent to decades of aviation records—underscored Favt's role as a centralized repository for flight safety information and regulatory archives. Ongoing investigations into the attack remained unresolved at the time of reporting, with no public attribution to specific threat actors. The incident's aftermath revealed the organization's operational fragility when core digital infrastructure becomes compromised, particularly given its lack of recoverable backups for mission-critical systems.