Ukraine claims cyber operation against Russian aviation agency

Ukraine's defense intelligence directorate has claimed it carried out a successful cyber operation against Russian government’s civil aviation agency, also known as Rosaviatsia.

The agency reported November 23 that as a result of the hack, it obtained “a large volume of confidential documents,” including a list of daily reports from Rosaviatsia spanning more than a year and a half.

The agency didn't reveal any technical details of what it called a “complex special operation in cyberspace,” nor when it was conducted. Rosaviatsia hasn't responded to a request for comment.

It appears to be the first time that Ukraine’s government has taken responsibility for a cyber operation against a Russian target. Pro-Ukraine groups and hacktivists have claimed several such incidents since the Russian invasion in early 2022, including the attacks on airlines, banks and internet providers.

In October, a source within Ukraine's security services told Recorded Future News that they collaborated with pro-Ukrainian hackers to breach Russia's largest private bank. However, the agency has not officially acknowledged it.

Rosaviatsia intel

Rosaviatsia is responsible for overseeing the civil aviation industry in Russia and ensuring its safety. Ukraine's defense intelligence has claimed that the analysis of leaked documents indicates that the civil aviation sector of Russia "is on the verge of collapse."

To support that claim, the Ukrainian agency published screenshots of several documents that were purportedly leaked and listed some facts it learned from them. The authenticity of the data couldn't be independently verified.

The Ukrainian agency stated that the reported rise in accidents and aircraft malfunctions in Russia is attributed to foreign sanctions. The sanctions include bans on supplying aircraft and spare parts, refusals of software updates, detentions of Russian aircraft abroad, and restricted access to meteorological information for air navigation.

“Moscow is trying to hide the endless pile of problems with civil aviation, endangering its residents,” the Ukrainian agency said.

Rosaviatsia has experienced multiple data breaches and cyberattacks over the past two years. It is not clear which of them can be attributed to Ukrainian government activity.

In March of last year, Rosaviatsia reportedly had to switch to pen and paper after a severe cyberattack, resulting in the collapse of its entire network. The agency also reportedly lost 1.5 years' worth of emails in what appeared to be a supply chain attack.

At that time, various Russian Telegram channels focusing on aviation published details about the hack that they claimed to have obtained from sources within the agency. According to these sources, the person behind the hack was an employee with Ukrainian nationality who injected a virus through her work computer.

Rosaviatsia denied these reports. The agency said that the incident was a distributed denial-of-service (DDoS) attack and “did not affect the work of the aviation industry in the country.”