Cyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war

Russian developers behind a custom firmware used to convert consumer drones for military use in Ukraine have reported a cyberattack on their infrastructure, disrupting the system that distributes the software.

According to a statement posted on the Telegram channel Russian Hackers – To the Front, unidentified hackers breached servers responsible for delivering the “1001” firmware, displayed false messages on operator terminals, and then disabled the system. 

The developers said the firmware itself was not compromised, calling the risk of backdoors or malicious code “extremely low.” However, drone operators were advised to disconnect their terminals as a precaution.

The firmware, used to modify certain DJI drone models, is not available for public download and is distributed through a network of drone service centers equipped with pre-configured laptops, known as “terminals,” that receive updates from a remote server. Independent Russian cybersecurity expert Oleg Shakirov said on Telegram the attackers likely targeted this server. 

“No one has claimed responsibility for the attack so far, but it’s clear the perpetrators knew exactly what they were doing — the target was highly specialized,” he said.

The developers claim around 200,000 drones had been updated with the 1001 firmware as of March. While not widely known, the software removes manufacturer-imposed flight limits, improves resistance to GPS spoofing, and enables the use of high-capacity batteries, all of which makes them more suitable for military missions.

The extent of the impact of the cyberattack remains unclear. Without functioning terminals, drones cannot be reflashed with the firmware, potentially limiting Russia’s ability to deploy modified drones on the battlefield, Shakirov said.

Both Russia and Ukraine have used DJI drones in combat despite the Chinese manufacturer’s public stance against military use and its decision to halt sales to both countries. Drones are typically procured through third parties and reprogrammed to bypass restrictions.

The incident marks one of the rare instances of a Russian military tech developer publicly acknowledging a cyber intrusion. Ukraine has previously reported similar cases.

In 2022, Kyiv accused Russian hackers of targeting its battlefield coordination platform known as Delta with malware designed to steal sensitive information. The system aggregates real-time data from drones, satellites, electronic warfare tools and surveillance cameras, providing Ukrainian forces with a constantly updated picture of ground, air, sea, space and cyber activity to support rapid decision-making in combat.

That incident was thwarted while the hacking campaign was still in the preparation stage, Ukrainian officials said, but attacks on Delta are ongoing.