Aeroflot Hit by Year‑Long Cyber Operation That Allegedly Wiped 7,000 Servers
Russia’s flagship carrier Aeroflot is reeling from a devastating cyberattack that pro-Ukraine hacking groups claim wiped approximately 7,000 servers and stole over 20 terabytes of sensitive data during a year-long clandestine operation.
The airline was forced to cancel dozens of flights Monday morning, leaving passengers stranded at Moscow’s Sheremetyevo Airport amid what officials described as a “complete destruction” of critical IT infrastructure.
Coordinated Assault Targets Aviation Giant
According to a Cyber Security News report, the hacktivist groups “Silent Crow” and Belarus-based “Cyber Partisans BY” claimed responsibility for the attack in a joint Telegram statement, describing it as a “strategic strike” against both Aeroflot and Russia’s state security apparatus.
The groups claim they gained deep-tier access to systems ranging from booking platforms to executive email servers, culminating in the systematic erasure of the airline’s digital backbone.
According to the hackers’ timeline, the operation began in mid-2024 with targeted phishing campaigns and zero-day exploits that provided initial network access.
Over several months, the attackers escalated their privileges until reaching Tier-0 domain controllers, gaining administrative control over reservation systems, email platforms, and surveillance infrastructure.
The attackers reportedly compromised core platforms including Sabre, SharePoint, Exchange, CRM, and ERP systems, as well as monitoring tools used by Aeroflot’s security operations center.
Screenshots released by the groups appear to show Active Directory trees and surveillance system folders allegedly captured during their infiltration.
Aeroflot initially attributed Monday’s disruptions to an unspecified “information-system failure,” but the scale of the outage quickly became apparent as 49 flights were cancelled and departure boards displayed widespread “CANCELLED” notices.
Passengers reported chaotic scenes at Sheremetyevo, with fuel-dispatch systems briefly offline and travellers told to retrieve luggage and leave the terminal.
Russia’s Prosecutor General has opened a criminal investigation under Article 272 for “unauthorised access,” while Kremlin spokesperson Dmitry Peskov called the incident “quite alarming.”
The attack underscores growing cybersecurity vulnerabilities facing Russian enterprises amid the ongoing conflict in Ukraine.
The cyberattack has already impacted Aeroflot’s market valuation, with shares dropping more than 4% on the Moscow Exchange following news of the breach.
Cybersecurity analysts estimate recovery costs could reach “tens of millions of dollars” and require months of infrastructure rebuilding.
Silent Crow has threatened to release “partial data dumps” including passenger personal details and recorded phone calls unless Moscow ends what they term “repressive cyber-aggression” abroad.
If verified, such leaks could expose millions of customer records and intensify regulatory scrutiny across multiple jurisdictions.
The incident represents a significant escalation in the digital front of the Russo-Ukrainian conflict, marking the first full-scale cyber-sabotage of Russia’s flagship airline and delivering both symbolic and operational damage to the country’s aviation sector.