Air travel disrupted in Russia as Ukrainian and Belarusian hackers infiltrate Aeroflot's systems, leading to numerous flight cancellations.
Aeroflot, Russia's largest airline, is working tirelessly to restore normal operations following a significant cyberattack that has caused disruptions and cancellations of over 100 flights. This incident marks the first major cyberattack of such magnitude for Aeroflot.
The attackers, the pro-Ukraine hacker groups Silent Crow and Cyber Partisans BY, infiltrated Aeroflot's IT systems in a stealthy campaign that lasted approximately a year, starting in mid-2024. Using phishing and zero-day exploits, the hackers gained deep access, up to Tier-0 domain controllers, and subsequently destroyed roughly 7,000 servers, erasing vast amounts of data.
In addition to the server destruction, at least 20 terabytes of internal data were stolen, including flight logs, passenger data, and communications. The hackers published screenshots showing access to sensitive systems such as Active Directory directories and surveillance folders, declaring the attack a strategic strike against Aeroflot and Russia's state security apparatus.
The disruptions caused by this attack were evident at several Russian airports, including Moscow's Sheremetyevo Airport, Aeroflot's main hub. On the first day of the attack, 42 flights were cancelled, leading to terminal congestion and passenger frustration.
Europol and Eurojust announced the dismantling of the pro-Russian hacker group NoName057 earlier this month. However, the cyberattack on Aeroflot continues to cause concern, with the Kremlin describing it as quite alarming.
Roskomnadzor, the Russian telecommunications watchdog, did not confirm any data leaks. The Russian prosecutor general's office announced the opening of an investigation into unauthorized access to Aeroflot's information systems, stating that it was a cyberattack.
The hackers threatened to publish the personal data of all Russians who had traveled with Aeroflot. A group of Ukrainian hackers, known as Silent Hack, and another group of Belarusian hackers, named Cyber Partisans, claimed responsibility for the attack.
Aeroflot's CEO, Sergei Alexandrovsky, had reportedly not changed his password since 2022, and the airline was using outdated systems, including Windows XP and Windows 2003. Moscow has rejected accusations of cyberattacks, while Ukraine and its Western allies regularly accuse Russia of similar actions against public and private organizations' computer systems.
As Aeroflot continues to work towards recovery, the new flight cancellation tally is being regularly updated. Most of the flights affected were domestic, but some disruptions affected flights to Minsk, the Belarusian capital, and Yerevan, the Armenian capital.
- The cyberattack on Aeroflot, Russia's largest airline, has raised concerns in the realm of cybersecurity, as it was carried out by pro-Ukraine hacker groups Silent Crow and Cyber Partisans, exploiting outdated systems like Windows XP and Windows 2003.
- The attack on Aeroflot's IT systems, lasting approximately a year, has brought the intersection of technology and politics into focus, with the Kremlin describing the disruptions as quite alarming and Ukraine and its Western allies regularly accusing Russia of similar actions.
- In the aftermath of this cyberattack, questions of crime and justice overlap with cybersecurity, as hacker groups like Silent Hack and Cyber Partisans threaten to publish the personal data of all Russians who had traveled with Aeroflot, potentially leading to further legal and ethical discussions.