Aeroflot, Russia’s flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights.
Although official sources from Russia, like the General Prosecutor’s Office, did not attribute the attack to specific threat groups or even origin, responsibility was taken by Ukrainian and Belarusian hacktivist collectives ‘Silent Crow’ and ‘Cyberpartisans BY.’
The latter are known for previous attacks on the Belarusian Railway, the country’s state-owned railway company, that actively supported the movement of Russian military equipment into Ukraine at the time.
According to announcements made on X and on Telegram, the hackers claimed to have infiltrated Aeroflot’s IT infrastructure for over a year, mapped it extensively to pinpoint all valuable resources, and then “destroyed” it.
Specifically, the two groups claim to have gained access to 122 hypervisors, 43 ZVIRT virtualization installations, approximately 100 iLO interfaces used for server management, and four Proxmox clusters.
During their alleged access to those systems, they say they exfiltrated all databases from flight history and employee workstations (including of top executives), wiretapping servers containing phone call recordings, and personnel monitoring systems.
On the day of the action, the hacktivists claim to have wiped 7,000 physical and virtual servers hosting 12TB of databases, 8TB of Windows Share files, and 2TB of corporate email.
Finally, the hackers threatened to publish all the stolen data soon, warning that it would expose every Russian who has flown with Aeroflot.
Source: Silent Crow | Telegram
Though the company has not confirmed any data destruction or compromise, its operational status reflects severe technical problems that indicate a cyberattack took place.
With a fleet of 171 aircraft, 33,500 employees, and 104 destinations, Aeroflot is Russia’s largest airline, with the government holding a 74% share in it. The company carried over 55 million passengers last year, accounting for more than 42% of the country’s market share.
Flight cancellations and delays reportedly continue today, while some scheduled flights will be performed without the support of computer systems.
This attack is not the first time that Ukrainians have claimed a successful compromise on Russia’s air transportation sector.
In November 2023, Ukraine’s intelligence service operating under the Defense Ministry claimed they had hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ In the attack, the hackers leaked data reflecting a state of decay caused by international sanctions and lack of spare parts.
CISOs know that getting board buy-in starts with a clear, strategic view of how cloud security drives business value.
This free, editable board report deck helps security leaders present risk, impact, and priorities in clear business terms. Turn security updates into meaningful conversations and faster decision-making in the boardroom.
