Hackers Attack Aeroflot, Causing Tens of Millions in Damages
A massive cyberattack has hit Aeroflot, Russia’s largest airline, disrupting operations and forcing the cancellation of dozens of domestic and international flights. Hacker groups Silent Crow and the Belarusian collective Киберпартизаны BY (Cyberpartisans BY) have claimed responsibility, stating the attack was carried out as retribution for Russia’s invasion of Ukraine.
- According to the hackers, they maintained access to Aeroflot’s internal network for nearly a year, infiltrating a wide range of systems.
- Among those compromised were CREW, Sabre, SharePoint, Exchange, KASUD, Sirax, CRM, ERP, 1C, DLP, and others.
- They also reportedly gained access to the personal computers of employees, including those of senior management, and extracted data from internal surveillance and personnel monitoring systems.
In total, the attackers claim they destroyed 7,000 physical and virtual servers. They also exfiltrated a massive volume of data: 12 TB of databases, 8 TB from Windows Share, and 2 TB of corporate email. The group says it plans to publish parts of the stolen data.
Restoring Aeroflot’s systems could cost tens of millions of dollars, according to the hackers. They also allege that passenger personal data has been compromised. In response, Aeroflot has canceled additional flights and begun rebooking affected passengers with other carriers.
Who Are Silent Crow?
Silent Crow first appeared in January 2025 when they claimed responsibility for breaching Rosreestr, Russia’s state real estate registry. In that operation, they reportedly obtained 1 TB of data — approximately 2 billion records, including the personal information of Russian citizens.
The Aeroflot attack marks the group’s second high-profile operation. They have also been linked to other large-scale infrastructure breaches, including one targeting telecom giant Rostelecom.
Unlike traditional ransomware gangs focused on profit, Silent Crow positions itself more as a hacktivist collective. Their goal appears to be political and social disruption rather than financial gain. Their operations frequently involve data destruction and infrastructure sabotage, and they often work alongside the Cyberpartisans BY, a Belarusian opposition-aligned hacking group.
Hackers Attack Aeroflot, Causing Tens of Millions in Damages
A massive cyberattack has hit Aeroflot, Russia’s largest airline, disrupting operations and forcing the cancellation of dozens of domestic and international flights. Hacker groups Silent Crow and the Belarusian collective Киберпартизаны BY (Cyberpartisans BY) have claimed responsibility, stating the attack was carried out as retribution for Russia’s invasion of Ukraine.
- According to the hackers, they maintained access to Aeroflot’s internal network for nearly a year, infiltrating a wide range of systems.
- Among those compromised were CREW, Sabre, SharePoint, Exchange, KASUD, Sirax, CRM, ERP, 1C, DLP, and others.
- They also reportedly gained access to the personal computers of employees, including those of senior management, and extracted data from internal surveillance and personnel monitoring systems.
In total, the attackers claim they destroyed 7,000 physical and virtual servers. They also exfiltrated a massive volume of data: 12 TB of databases, 8 TB from Windows Share, and 2 TB of corporate email. The group says it plans to publish parts of the stolen data.
Restoring Aeroflot’s systems could cost tens of millions of dollars, according to the hackers. They also allege that passenger personal data has been compromised. In response, Aeroflot has canceled additional flights and begun rebooking affected passengers with other carriers.
Who Are Silent Crow?
Silent Crow first appeared in January 2025 when they claimed responsibility for breaching Rosreestr, Russia’s state real estate registry. In that operation, they reportedly obtained 1 TB of data — approximately 2 billion records, including the personal information of Russian citizens.
The Aeroflot attack marks the group’s second high-profile operation. They have also been linked to other large-scale infrastructure breaches, including one targeting telecom giant Rostelecom.
Unlike traditional ransomware gangs focused on profit, Silent Crow positions itself more as a hacktivist collective. Their goal appears to be political and social disruption rather than financial gain. Their operations frequently involve data destruction and infrastructure sabotage, and they often work alongside the Cyberpartisans BY, a Belarusian opposition-aligned hacking group.
