7,000 Servers Destroyed: Cyberattack Cripples Russia’s Aeroflot
World
On the morning of July 28, Russia’s largest airline, Aeroflot, suffered a massive cyberattack that disabled its key IT systems, grounded dozens of flights, and affected over 75,000 passengers. The hacker groups Silent Crow and Belarusian Cyber Partisans BY claimed responsibility, declaring they had “completely destroyed” the airline’s internal infrastructure.
The attack began around 7:40 AM Moscow time, bringing down critical systems including flight schedules, check-in, and aircraft servicing.
Aeroflot was forced to cancel 49 round-trip flights across Russia and the CIS, including major routes to St. Petersburg, Sochi, Kazan, Minsk, Kaliningrad, Ufa, and Krasnoyarsk. Passengers at Sheremetyevo Airport were asked to leave the premises to avoid crowding. Refunds are only available at the original place of purchase, as airport ticket offices remain offline.
According to Silent Crow and Cyber Partisans BY, they had maintained access to Aeroflot’s internal network for a year, gradually infiltrating the core (Tier 0) of its infrastructure. Their claims include:
Destruction of up to 7,000 physical and virtual servers
Theft of 22 terabytes of data, including personal information of passengers
Access to internal communications, surveillance footage, and call recordings
Compromise of executive-level employee computers
Russia’s Prosecutor General’s Office confirmed a criminal case under Article 272, Part 4 of the Criminal Code — unlawful access to computer information causing serious consequences. The Kremlin called the situation “concerning,” while experts warn that recovery may take a week and cost millions.
Aeroflot’s stock fell by nearly 4% on the Moscow Exchange following the attack.
Aeroflot was forced to cancel 49 round-trip flights across Russia and the CIS, including major routes to St. Petersburg, Sochi, Kazan, Minsk, Kaliningrad, Ufa, and Krasnoyarsk. Passengers at Sheremetyevo Airport were asked to leave the premises to avoid crowding. Refunds are only available at the original place of purchase, as airport ticket offices remain offline.
According to Silent Crow and Cyber Partisans BY, they had maintained access to Aeroflot’s internal network for a year, gradually infiltrating the core (Tier 0) of its infrastructure. Their claims include:
Destruction of up to 7,000 physical and virtual servers
Theft of 22 terabytes of data, including personal information of passengers
Access to internal communications, surveillance footage, and call recordings
Compromise of executive-level employee computers
Russia’s Prosecutor General’s Office confirmed a criminal case under Article 272, Part 4 of the Criminal Code — unlawful access to computer information causing serious consequences. The Kremlin called the situation “concerning,” while experts warn that recovery may take a week and cost millions.
Aeroflot’s stock fell by nearly 4% on the Moscow Exchange following the attack.
Powered by Froala Editor