Aeroflot Airlines’ IT Infrastructure Destroyed in Year-Long Attack
- Adam Sewall

- Jul 31
Russia’s Aeroflot, one of the world’s oldest airlines, has been left scrambling after pro-Ukraine hackers claimed to have “completely destroyed” the carrier’s internal IT infrastructure in a stealthy, year-long campaign.
The groups, known as “Silent Crow” and Belarusian counterpart “Cyber Partisans BY,” said they gained deep-tier access to systems ranging from booking platforms to executive e-mail, culminating in the erasure of roughly 7,000 servers and the theft of at least 20 TB of flight logs, passenger data, and internal communications.
Screenshots accompanying the post show what appear to be Active Directory trees and surveillance-system folders allegedly captured during their clandestine access.
The attackers claim they penetrated the airline’s network in mid-2024 through targeted phishing and zero-day exploits, slowly escalating privileges until they reached Tier-0 domain controllers, the “crown jewels” of any Windows-based enterprise.
BLUF
TTPs that have been known and used for years have ‘apparently’ been used successfully for a potentially crippling breach. On one hand, Aeroflot got off lightly. If the attackers truly had root (admin) access, then beyond wiping servers they could have inflicted more insidious harm on programs, services, etc. In fact, the hardware side could have been damaged as well. They could have (maybe they did) bricked the firmware, forced CPUs and GPUs to run at 100% or greater capacity, and much more. On the other hand, this is not confirmed, but preliminary data indicates a significant strike.
Contact us to make sure your infrastructure is protected.
Be safe out there!



