Russian airline Aeroflot was hit by a massive cyberattack this week, grounding dozens of flights and exposing sensitive data in what security experts are calling a “psychological operation” and kinetic sabotage.
The breach, claimed by pro-Ukraine hacktivist groups Cyber-Partisans and Silent Crow, allegedly destroyed over 7,000 servers and gave attackers access to the entire Aeroflot infrastructure.
Flights Canceled, Passengers Stranded
The attack began around 6:30 a.m. local time on July 29. Aeroflot announced an IT system failure as 54 flights were canceled and many more delayed at Sheremetyevo Airport, Russia’s busiest.
The Russian Ministry of Transport reported that staff were still preparing 206 of the 260 scheduled flights for departure, while hundreds of passengers remained stranded. The airline is now prioritizing key destinations like Sochi, Kaliningrad, and international routes.
Who’s Behind the Attack?
Two hacking groups took credit:
- Silent Crow, a known pro-Ukraine actor
- Belarusian Cyber-Partisans, a group fighting Lukashenko’s regime and aligned with Ukraine’s IT Army
Together, they claim to have spent over a year infiltrating Aeroflot’s systems, exfiltrating data and wiping infrastructure across multiple offices.
Hackers Detail the Damage
In a statement, Cyber-Partisans said:
- Over 7,000 servers and workstations were destroyed
- Entire corporate systems like CRM, ERP, SharePoint, Exchange, and even crew scheduling tools were wiped
- A file titled “AEROFLOT KAPUT” appeared on employee screens, with the message: “Let’s fly”
They also claimed to have accessed:
- Passenger flight histories
- Employee emails and wiretaps
- Senior management systems
- A significant portion of Aeroflot’s internal communications
The group blamed the breach on outdated systems (Windows XP, Windows Server 2003) and poor password hygiene. They even mocked CEO Sergei Aleksandrovsky for “not changing his password since 2022 😉”.
A Strategic Message, Not Just Sabotage
Security expert Steve Povolny of Exabeam called it “one of the most disruptive cyberattacks Russia has experienced” since the invasion of Ukraine.
He emphasized the strategic impact, stating:
“This is a clear example of kinetic sabotage—disrupting infrastructure without dropping a single bomb.”
The incident marks a shift from economic disruption to full-scale digital warfare, blending espionage, destruction, and psychological messaging.
Hackers Promise Leaks Are Coming
The hackers said they used a custom algorithm to permanently erase Aeroflot’s data and hinted that leaks are imminent, including internal emails and surveillance.
They also stated they’d publish the “most interesting” material to their Telegram channels.
Aeroflot Responds
Aeroflot has yet to release a timeline for service restoration. Affected passengers will be allowed to rebook or request refunds once systems return online.
The airline has brought in external cybersecurity teams but offered few public details.
Conclusion
The Aeroflot cyberattack represents a new level of cyber warfare—where civilian systems become digital battlefields. With travel halted, data lost, and reputations burned, the attack sends a powerful message: in modern conflict, servers crash before bombs fall.
0 responses to “Aeroflot Cyberattack Wipes 7,000 Servers in Major Hack by Pro-Ukraine Groups”