The attack represents one of the most significant cyber operations targeting Russian aviation infrastructure since the conflict in Ukraine began.
The hacktivist groups “Silent Crow” and Belarusian “Cyber Partisans BY” claimed responsibility for what they describe as a “strategic strike” that culminated in the erasure of approximately 7,000 servers and the theft of over 20 terabytes of sensitive data.
The attack forced Aeroflot to cancel 49 flights on Monday, leaving Moscow’s Sheremetyevo Airport terminals packed with stranded passengers facing widespread service disruptions.
According to the hackers’ detailed timeline, the operation began in mid-2024 when they gained initial network access through targeted phishing campaigns and zero-day exploits.
Over nearly a year, the attackers systematically escalated their privileges within Aeroflot’s systems, eventually reaching what cybersecurity experts call “Tier-0” domain controllers – the highest level of administrative access in Windows-based enterprise networks.
The hackers claim to have compromised critical platforms, including Sabre reservation systems, SharePoint collaboration tools, Exchange email servers, and even the airline’s security operations center monitoring tools.
This level of access reportedly allowed them to extract flight databases, passenger records, internal communications, and recorded phone calls totaling more than 20 terabytes of data.
The coordinated attack reached its climax on July 27, 2025, when the hackers activated destructive “wiper” payloads across 122 VMware ESXi hosts, effectively paralyzing Aeroflot’s digital operations.
Employees lost access to booking systems, crew scheduling platforms, and internal messaging tools, creating immediate operational paralysis.
Russia’s Prosecutor General has opened a criminal investigation under Article 272 for “unauthorized access,” while Kremlin spokesperson Dmitry Peskov described the situation as “quite alarming.”
Cybersecurity analysts estimate that rebuilding Aeroflot’s digital infrastructure could cost tens of millions of dollars and require months of recovery work.
The incident has already impacted Aeroflot’s stock price, with shares dropping more than 4% on the Moscow Exchange.
Beyond financial losses, the attack raises serious concerns about aviation cybersecurity resilience within Russia during the ongoing conflict.
Silent Crow has threatened to release partial data dumps containing passengers’ personal information unless Moscow ceases what they term “repressive cyber-aggression” abroad.
If verified, such leaks could expose millions of customer records and trigger international regulatory scrutiny, marking a significant escalation in the digital dimension of the Russo-Ukrainian conflict.
The post Cyberattack Hits Aeroflot – Hackers Allegedly Devastate Airline’s IT Systems Over a Year appeared first on Cyber Security News.