Pro-Ukraine hacking groups “Silent Crow” and “Cyber Partisans BY” have claimed responsibility for a devastating cyberattack against Russia’s flagship carrier Aeroflot, alleging they completely destroyed the airline’s internal IT infrastructure in a year-long campaign that culminated in the erasure of approximately 7,000 servers and theft of over 20 terabytes of sensitive data.
The attack has forced widespread flight cancellations and triggered a criminal investigation by Russian authorities, marking a significant escalation in cyber warfare tactics targeting critical infrastructure.
The attackers claim they penetrated Aeroflot’s network in mid-2024 through targeted phishing campaigns and zero-day exploits, gradually escalating their privileges over nearly a year before executing their destructive payload.
According to the hackers’ detailed timeline, they achieved Tier-0 domain controller access by spring 2025, gaining administrative control over critical systems including Sabre reservation platforms, Sirax crew management, SharePoint collaboration tools, Exchange email servers, and the airline’s security operations center monitoring systems.
The hackers claim to have extracted 12 terabytes of databases, 8 terabytes of file shares, and 2 terabytes of email stores before systematically overwriting or destroying the infrastructure.
Screenshots posted on Telegram allegedly show Active Directory trees and surveillance system folders captured during their unauthorized access, though Aeroflot has not independently verified these claims.
Immediate Operational Chaos
The cyberattack triggered immediate operational paralysis at Russia’s largest airline, with employees losing access to booking systems, crew scheduling platforms, and internal messaging services.
The operation reached its climax on July 27, 2025, when the groups activated wiper malware across 122 VMware ESXi hosts and additional virtual clusters.
Aeroflot publicly acknowledged an “information-system failure” on Monday morning, leading to the cancellation of 42 domestic and regional flights from Moscow’s Sheremetyevo Airport, which later increased to 49 cancelled flights as the crisis deepened.
Passengers faced significant disruptions as departure boards displayed widespread “CANCELLED” notices and fuel dispatch systems experienced brief outages.
The airline’s stock price on the Moscow Exchange dropped more than 4% in intraday trading as investors reacted to the severity of the incident.
Geopolitical Implications
Russian authorities have launched a criminal investigation under Article 272 for “unauthorized access,” with Kremlin spokesperson Dmitry Peskov describing the incident as “quite alarming” and highlighting vulnerabilities facing Russian enterprises amid the ongoing conflict in Ukraine.
According to Report, cybersecurity analysts estimate that rebuilding Aeroflot’s digital infrastructure could cost tens of millions of dollars and require months of recovery efforts.
The Prosecutor General’s office has formally opened proceedings against the perpetrators, though the international nature of the attack presents significant enforcement challenges.
Silent Crow has threatened to release “partial data dumps” containing passengers’ personal information and recorded phone calls in coming weeks unless Moscow ends what they term “repressive cyber-aggression” abroad.
If verified, such data leaks could expose millions of customer records and intensify regulatory scrutiny across multiple jurisdictions.
The attack represents a notable escalation in the digital front of the Russo-Ukrainian conflict, demonstrating how hacktivist groups are increasingly targeting critical infrastructure to achieve strategic objectives beyond traditional military targets.




