
A coordinated cyberattack against Russia’s national airline, Aeroflot, has caused a massive disruption of flight operations, grounding over 80 flights and canceling around 60 more at Moscow’s Sheremetyevo International Airport.
The Russian Prosecutor General’s Office confirmed the disruption was the result of a deliberate and large-scale hacker attack that crippled the airline’s information systems.
The operation was claimed by a coalition of hacktivist groups, including the Ukrainian ‘Silent Crow’ and the Belarusian Cyber Partisans (Киберпартизаны BY), who announced the attack through their Telegram channels. According to their statement, the hackers had been inside Aeroflot’s internal IT network for over a year, eventually gaining Tier 0 access, meaning full control over the airline’s most privileged systems. The attackers claim to have exfiltrated and destroyed vast amounts of sensitive corporate and customer data in what they describe as a strategic blow to Russia’s digital infrastructure.

Aeroflot, headquartered in Moscow and operating as the country’s flag carrier, is one of the largest and oldest airlines in the world. It serves tens of millions of passengers annually and is a critical component of Russia’s transportation and state logistics infrastructure. The airline’s systems support a complex ecosystem including booking platforms, crew scheduling, customer service, regulatory compliance, and internal communications, all of which appear to have been impacted by the breach.
The attackers claim to have compromised an extensive list of systems, including flight operations and reservation systems, internal communications and resource planning, and data loss prevention and personnel monitoring.
Additionally, they claim to have seized control of over 122 hypervisors, 43 ZVIRT virtualization deployments, and nearly 100 iLO server management interfaces, resulting in the destruction of approximately 7,000 physical and virtual servers. The stated data haul includes:
- 12 TB of flight history databases
- 8 TB of Windows file shares
- 2 TB of internal corporate email
- Surveillance audio and communication intercepts from employee monitoring tools

The attackers positioned the operation as both a symbolic and strategic act, aiming to expose what they describe as the weakness of Russia’s cybersecurity defenses. They specifically called out the FSB (Federal Security Service), NCCCI (National Coordination Center for Computer Incidents), and RT-Solar, claiming these agencies are unable to protect even the country’s most critical infrastructure. The attackers also stated that they intend to begin publishing portions of the exfiltrated data in the near future.

In response, the Moscow Interregional Transport Prosecutor’s Office has opened a criminal case under Part 4, Article 272 of the Russian Criminal Code, which covers unlawful access to computer information with grave consequences. A mobile legal station was deployed at Sheremetyevo Airport to assist affected travelers, and a hotline has been established to handle complaints regarding passenger rights violations.
Operationally, Aeroflot faces a cascading series of issues, from re-establishing internal systems and restoring passenger trust to mitigating any fallout from leaked personal data. The airline has not yet issued any official statements regarding the incident.