Pro-Ukraine hacktivist groups have claimed responsibility for an audacious attack on Russia’s national airline which appears to have grounded dozens of flights.

The incident, timed to cause maximum disruption to Russian holidaymakers, reportedly led to the cancellation of over 50 flights. It comes alongside what appears to be a new campaign by the Ukrainian military to target Russian airspace with drones, in a bid to “bring the war home” to ordinary Russians.

Although Aeroflot claimed the disruption was due to “information systems failure,” hacktivist group Silent Crow took to Telegram to provide its own version of events.

“Together with colleagues from [Belarusian group] Cyber Partisans we declare the success of a long and large-scale operation, as a result of which the internal IT infrastructure of Aeroflot was completely compromised and destroyed,” the post claimed.

“Throughout the year we were inside their corporate network, methodically developing access deepening to the very core of the infrastructure – Tier 0.”


Although the claims have yet to be verified, the group also said it managed to:

  • Destroy 7000 physical and virtual servers
  • Exfiltrate 20TB of data from databases, Windows shares and corporate email archives
  • Access flight history databases, corporate systems (e.g. Exchange, SharePoint, CRM), and employee computers
  • Copy data from wiretapping servers

“All these resources are now unavailable or destroyed. Recovery will require, perhaps tens of millions of dollars. The damage is strategic,” the group claimed.

Silent Crow, which has been linked to previous data breaches of Moscow’s government, the Russian outpost of South Korean carmaker Kia and a state-owned telecoms company, promised to start releasing the stolen data soon.

“We didn’t just destroy the infrastructure – we left a mark,” the group said. “[We have] the personal data of all Russians who have ever flown Aeroflot.”

Exabeam senior director of security research, Steve Povolny, described the incident as among the most disruptive Russia has experienced since invading its neighbour.

“The Aeroflot strike combined deep covert infiltration, physical destruction of servers, and cascading service failure affecting both domestic and international travel. It represents a new level of cyber impact in war operations – shutting down civilian mobility while sending a broader psychological message,” he said.

“It’s important to recognize how the threat has evolved: actors are blending espionage, sabotage, and data destruction to undermine national resilience. From a security leader’s perspective, the Aeroflot attack reinforces the need for continuous threat hunting, network segmentation, disaster recovery planning, and collaboration across industry and government to defend critical civilian systems during wartime.”
