Russian Flag Carrier Suffers Severe Technical Problems After Hackers Claim to Have Infiltrated IT Infrastructure


Russia’s largest airline, Aeroflot, has grounded dozens of flights and experienced severe delays due to a cyberattack that compromised its IT infrastructure. Although official sources have not attributed the attack to a specific threat group, Ukrainian and Belarusian hacktivist collectives ‘Silent Crow’ and ‘Cyberpartisans BY’ have claimed responsibility.

According to announcements made on X and Telegram, the hackers allegedly had access to Aeroflot’s systems for over a year, mapping its infrastructure to pinpoint valuable resources. They claim to have infiltrated 122 hypervisors, 43 ZVIRT virtualization installations, and four Proxmox clusters, and to have accessed flight history databases and employee workstations, as well as wiretapping servers containing phone call recordings and personnel monitoring systems.

The hackers claim to have wiped 7,000 physical and virtual servers hosting 12TB of databases, 8TB of Windows Share files, and 2TB of corporate email. They have threatened to publish the stolen data soon, warning that it would expose every Russian who has flown with Aeroflot.

The hackers also claim to have accessed sensitive information, including:

  • Flight schedules and passenger data
  • Employee personnel records and security clearance information
  • Financial data, including payment information and tax records
  • Sensitive business information, including merger and acquisition plans

The hackers’ claims of extensive access to Aeroflot’s systems raise concerns about the potential for future attacks and the vulnerability of the airline’s IT infrastructure. Aeroflot’s reliance on outdated technology and lack of robust cybersecurity measures have been criticized by experts, who warn that the airline’s IT infrastructure is ripe for exploitation.

The Aeroflot cyberattack is not an isolated incident. In recent years, the airline has experienced a series of high-profile cyberattacks, including a 2020 incident in which hackers stole sensitive information from the airline’s website. The airline has also faced criticism for its slow response to cybersecurity threats, with some experts accusing the airline of prioritizing profits over passenger safety.

The consequences of the Aeroflot cyberattack are far-reaching, affecting not only the airline’s operations but also the broader aviation sector. The incident raises concerns about the security of critical infrastructure, the vulnerability of sensitive data, and the potential for future attacks. As the situation continues to unfold, one thing is clear: the cyberattack on Aeroflot marks a significant escalation in the ongoing conflict between Russia and Ukraine, with implications that extend far beyond the aviation sector.
