Belarusian hackers have attacked the Russian airline Aeroflot.


Russian airline Aeroflot has been hit by a devastating cyberattack that forced the cancellation of at least 49 flights and severely disrupted its internal operations. The hacker group Silent Crow has claimed responsibility for the breach, describing it as a year-long infiltration of the airline’s corporate infrastructure.

The attackers claim to have destroyed around 7,000 servers, both physical and virtual, and exfiltrated an estimated 20 terabytes of data. This includes 12 TB of databases, 8 TB of files from internal Windows shares, and 2 TB of corporate email archives.

According to a statement from Silent Crow, the breach gave them access to nearly every key component of Aeroflot’s digital infrastructure:

  • Flight history databases
  • Corporate systems such as CREW, Sabre, SharePoint, Exchange, КАСУД, Sirax, CRM, ERP, 1C, DLP, and more
  • Employee computers, including those of top executives
  • Surveillance and internal monitoring systems
  • Audio recordings of intercepted phone calls and communications
  • Data from 122 hypervisors, 43 ZVIRT virtualization installations, approximately 100 iLO server interfaces, and 4 Proxmox clusters

The hackers claim that all these systems are now either destroyed or inaccessible, warning that recovery could take months and cost tens of millions of dollars. They described the damage as "strategic in scale."

Silent Crow said the attack was not just sabotage but also a deliberate message to Russian intelligence agencies and cybersecurity entities such as the FSB, RT-Solar, and the National Coordination Center for Computer Incidents (NCCCI).

"You are incapable of protecting even your most critical infrastructure," the group declared. "To all members of the repressive apparatus — your digital security is meaningless. You’ve long been under observation."

The hackers also threatened to publish parts of the stolen data, including personal information on all Russian citizens who have ever flown with Aeroflot. They emphasized that the goal was not only to destroy infrastructure but also to leave a trace of their presence.

"Glory to Ukraine! Long live Belarus!" the group concluded in their statement.

Aeroflot has officially attributed the disruption to an “information systems failure”, but has not commented on the extent of the breach or confirmed Silent Crow’s claims. The Russian authorities have also yet to issue a formal response.

 
