
Russian airline Aeroflot grounds dozens of flights after cyberattack


Aeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights.

Although official Russian sources, such as the General Prosecutor's Office, did not attribute the attack to specific threat groups or even an origin, the Ukrainian and Belarusian hacktivist collectives 'Silent Crow' and 'Cyberpartisans BY' claimed responsibility.

The latter are known for previous attacks on the Belarusian Railway, the country's state-owned railway company, which actively supported the movement of Russian military equipment into Ukraine at the time.

According to announcements made on X and on Telegram, the hackers claimed to have infiltrated Aeroflot's IT infrastructure for over a year, mapped it extensively to pinpoint all valuable resources, and then "destroyed" it.

Specifically, the two groups claim to have gained access to 122 hypervisors, 43 ZVIRT virtualization installations, approximately 100 iLO interfaces used for server management, and four Proxmox clusters.

During their alleged access to those systems, they say they exfiltrated all databases from flight history and employee workstations (including those of top executives), wiretapping servers containing phone call recordings, and personnel monitoring systems.

On the day of the action, the hacktivists claim to have wiped 7,000 physical and virtual servers hosting 12TB of databases, 8TB of Windows Share files, and 2TB of corporate email.

Finally, the hackers threatened to publish all the stolen data soon, warning that it would expose every Russian who has flown with Aeroflot.

Screenshot from the hacktivists' alleged access to Aeroflot's internal systems

Source: Silent Crow | Telegram
