Who Needs Aeroflot When You Have Oreshnik? Unprecedented Cyberattack Destroys Russian Airline’s IT System, Paralyzes Hundreds of Flights

The hacker group Silent Crow has claimed the “complete destruction” of the internal IT infrastructure of the Russian airline group Aeroflot.

On Monday morning, Aeroflot confirmed a “malfunction in the information system,” but did not provide further details, according to The Moscow Times.

As a result, Russia’s largest airline has already cancelled more than 50 flights to and from Moscow’s Sheremetyevo Airport. The group’s subsidiary carriers, Rossiya and Pobeda, have not reported any issues so far.

Later, the Russian Prosecutor General’s Office acknowledged that the disruption of Aeroflot’s operations was indeed caused by a hacker attack, according to the Russian edition of Forbes. In response, local law enforcement opened a criminal case on unlawful access to computer information.

Meanwhile, Kremlin spokesperson Dmitry Peskov stated that the country’s leadership is aware of the disruption.

Last year, the Aeroflot Group accounted for 42% of Russia’s domestic air travel market, with a route network covering 342 destinations. Following the incident, the company’s shares on the Moscow Exchange dropped by 4%.

According to Silent Crow, as a result of a special operation carried out in partnership with the Belarusian group Cyber Partisans, around 7,000 physical and virtual servers of Russia’s national carrier were hacked and disabled. The hackers gained control over corporate systems, employees’ work computers, and 12 terabytes of databases containing flight history, email archives, and surveillance footage.

“All of these resources are now either inaccessible or destroyed, and recovery may require tens of millions of dollars. The damage is strategic,” Silent Crow stated.

Silent Crow described the attack as a “message” to Russia’s security agencies and companies that “cannot protect critical infrastructure.” The group had previously claimed responsibility for hacking Rostelecom and Rosreestr.

It was later reported that Russia’s unified government services portal, Gosuslugi, also went down, according to The Moscow Times.

The highest number of complaints came from Moscow (23%) and St. Petersburg (11%). Residents of the Yamalo-Nenets Autonomous Okrug, as well as the Nizhny Novgorod, Kaluga, Tver, and Sverdlovsk regions, also reported issues with the platform.

The main complaints involved the website being unavailable, page loading errors, and users being unable to access their personal accounts. Nearly 60% of users reported problems with the web version, while another 23% experienced issues with the mobile app. Due to the outage, people are unable to quickly obtain official certificates or process documents. The timeframe for restoring service remains unknown.

Earlier, it was reported that Russia had once again faced an aviation collapse: more than 1,000 flights were canceled due to Ukrainian drone attacks.

The hackers who claimed responsibility for breaching the information systems of Russia’s largest airline, Aeroflot, stated that the company’s CEO, Sergey Aleksandrovsky, had not changed his password since 2022.

On July 28, representatives of the Belarusian group of anonymous hacktivists, Cyber Partisans, explained how they managed to paralyze Russia’s largest airline in cooperation with their partners from Silent Crow. They said they had been expanding their access to Aeroflot’s corporate network over the course of several months.

CYBER STRIKE ON RUSSIA’S AEROFLOT

We are helping Ukrainians in their fight against the occupier by launching a cyber strike on Aeroflot and paralyzing Russia’s largest airline.

  • We have destroyed over 7,000 servers and workstations at offices in Sheremetyevo, Melkisarovo, and associated data centers.
  • We wiped databases and information systems including CREW, Sabre, Sharepoint, Exchange, KASUD, Sirax, Sofi, CRM, ERP, 1C, security systems, and other elements of Aeroflot’s corporate network.
  • We extracted numerous databases, employee wiretaps, emails, and much more — expect leaks!
  • We uploaded a massive database of flight histories, which can now be used upon request for independent investigations.

Cyber strike on Aeroflot — details of the attack

Together with our colleagues from Silent Crow, we spent many months inside Aeroflot’s corporate network, expanding our access. The successful intrusion was largely made possible because some company employees neglect basic password security. For example, Aeroflot CEO Sergei Aleksandrovsky hadn’t changed his password since 2022.

Windows XP and 2003 are used on the network, which led to the compromise of their entire infrastructure.

Thus, we gained control over the personal computers of employees, including top management. We methodically advanced all the way to the core of the infrastructure — Tier0.

The cyberattack on Aeroflot’s corporate network began on the night of July 27–28. By early morning, we had destroyed more than 7,000 servers and workstations, as well as databases and internal systems.

All data was wiped using a special, innovative algorithm.

We kept the most interesting things for ourselves, including employee wiretaps and work emails. Stay tuned for the publication on the channel!

We displayed the following message on employees’ screens:

By 8 a.m. Minsk time, official sources at Russia’s Aeroflot announced a “system malfunction.” But you and I know the truth.

A huge number of rashist flights have been delayed or canceled. The corporate network is in ruins, and most of the data has been lost forever.

The recovery will take a very long time, not to mention the financial damage to the rashist occupiers. Aeroflot’s shares are already plummeting. And this is just the beginning!

We will continue attacks against the aggressors as long as the Russian regime poses a direct threat to the territorial integrity and independence of Belarus and Ukraine. Any enterprise or organization in the territory of Russia or Belarus working for the Kremlin’s dictatorship could share Aeroflot’s fate.

EMPR
