Aeroflot Flights Canceled After Hacktivist Cyberattack Cripples Airline Systems

Aeroflot’s operations were disrupted after a cyberattack claimed by Ukrainian and Belarusian hacktivists, who say they wiped critical systems and exfiltrated sensitive airline data.

    Russian flag carrier Aeroflot is reeling from a cyberattack that grounded over 60 flights and caused widespread delays across its network. The incident, which has not been officially attributed by Russian authorities, was claimed by two hacktivist groups: Ukraine-based Silent Crow and Belarusian collective Cyberpartisans BY.

    According to messages posted on Telegram and X, the hackers claimed they had maintained covert access to Aeroflot’s internal systems for over a year. During this time, they said, they meticulously mapped the airline’s infrastructure to identify critical assets before ultimately launching a destructive attack that wiped thousands of servers and extracted terabytes of sensitive data.

    “We’ve been inside their systems for over a year. We mapped everything. Then we destroyed everything,” the groups stated.

    Hackers Claim Widespread Access and Destruction of IT Infrastructure

    In their statement, the attackers claimed access to:

    • 122 hypervisors
    • 43 ZVIRT virtualization environments
    • Approximately 100 iLO interfaces for server management
    • 4 Proxmox clusters

    The intruders allege they exfiltrated a wide array of sensitive content, including:

    • Full flight history databases
    • Workstation data from employees and executives
    • Wiretapping servers with call recordings
    • Surveillance systems monitoring personnel

    On the day of the breach, they claim to have wiped:

    • 7,000 physical and virtual servers
    • 12TB of databases
    • 8TB of files from Windows shared drives
    • 2TB of corporate emails

    The hackers warned they plan to publish the stolen data, which, they say, could expose “every Russian who has flown with Aeroflot.”

    Aeroflot Has Not Confirmed Data Theft, But Operations Reflect Severe Impact

    Although Aeroflot has not publicly confirmed any data breach or destruction, the company’s continued technical issues and widespread flight delays are consistent with the claims. Reports indicate that some flights are now operating without the aid of computer systems.

    Aeroflot operates a fleet of 171 aircraft and serves 104 destinations, with a workforce of 33,500. The Russian government holds a 74% ownership stake. The airline transported over 55 million passengers last year—representing more than 42% of the Russian aviation market.

    Despite the lack of a formal statement on the breach, the scale of disruption is evident. Dozens of flights remain canceled or delayed, with disruptions continuing beyond the initial day of the attack.

    Hacktivist Campaigns Continue Targeting Russian Aviation

    This isn’t the first reported cyberattack targeting Russia’s aviation sector. In November 2023, Ukraine’s Defense Ministry intelligence unit claimed responsibility for hacking Rosaviatsia—Russia’s Federal Air Transport Agency. That breach allegedly revealed the deteriorating state of Russia’s air transport infrastructure under international sanctions, including shortages in spare parts and maintenance challenges.

    The latest incident with Aeroflot highlights the growing threat of politically motivated cyberattacks on critical infrastructure, especially in sectors like aviation where service disruptions have immediate and wide-reaching effects.

    As of now, there has been no indication from Russian authorities about the extent of damage or any potential response to the attackers’ claims.
