UPD. Aeroflot resumed operations a few days after the largest cyberattack on the company's IT infrastructure

Hacker groups Silent Crow and Cyber Partisans BY announced a large-scale operation in which they completely destroyed the internal IT infrastructure of the Russian airline Aeroflot. According to the attackers, the penetration of the corporate network lasted almost a year and ended with the complete compromise of control systems, telecommunications and databases.

(News supplemented with Sabre commentary)

This is stated in a message on the Telegram channel of the hacker group Silent Crow, which took responsibility for the hack. The hackers claim that they managed to gain access to critical corporate systems, including CREW, Sabre, Exchange, CRM, ERP, 1C, SharePoint, DLP and others. They also controlled the personal computers of employees, including top management, and collected data from 122 hypervisors, dozens of iLO remote management interfaces and virtualization servers. As a result of the attack, about 7,000 physical and virtual servers were destroyed.

UPD 19:04. After the release of the material, Sabre representatives contacted the editorial office. They deny the hackers' claim that Aeroflot used software developed by the company. «Aeroflot does not use Sabre. We are not associated with this problem. Although we understand that the hackers stated this in their statement, we can assure you that this is not true,» the company noted.

The total amount of information obtained, according to the hackers, is 22 TB, including 12 TB of databases, 8 TB of Windows Share files and 2 TB of corporate email. In addition, the attackers claim to have copied audio recordings of telephone conversations from listening servers, as well as data from surveillance and personnel control systems.

«This is a strategic blow. Restoring infrastructure could cost tens of millions of dollars,» the statement said.

Silent Crow also addresses Russian intelligence services, in particular the FSB and RT-Solar, hinting at their inability to protect even critically important facilities.

Aeroflot’s IT systems were disrupted on the morning of July 28. The company canceled more than 40 flights and did not provide an official explanation for the reasons. Passengers complained about the inability to exchange tickets and congestion at Sheremetyevo Airport. Aeroflot representatives only said that they were working to «minimize risks.»

The attack was another example of deep penetration into Russian IT systems, which threatens not only financial losses but also to discredit the entire so-called «cybersecurity» apparatus. Silent Crow has previously claimed responsibility for the hack of Rosregistr, and this time they stated: «We didn’t just destroy the infrastructure — we left a trace.»

Aeroflot stock collapse

The reaction was not limited to the aviation sector. According to stock exchange data, Aeroflot shares fell by 3.6% to 56.79 rubles per share, the worst drop among Russian issuers in a single day.

Reasons for the attack: weak passwords and outdated systems

Hackers from the Cyber Partisans group stated that the Aeroflot hack was possible due to a systematic disregard for basic cybersecurity principles. In particular, the company’s CEO, Sergey Alexandrovsky, according to them, had not changed his account password since 2022. In addition, Aeroflot still uses outdated operating systems, namely Windows XP and Windows Server 2003, which allowed attackers to compromise critical infrastructure.

What do cyber experts say?

According to the hackers themselves, it will cost tens of millions of dollars to restore the infrastructure. Here’s how cybersecurity expert Konstantin Korsun commented on the situation.

«This time I’ll tell you about the victory: the main passenger transportation company was hacked to the very core. If Aeroflot is restored in a few months, this is already a tangible blow to the fighters of the already weak economy of the maniac country.»

The attack on Russia’s key airline, which serves about 40% of the market, is reminiscent of the hack of Rosaviatsia in 2022. Then the agency could not work for several months and switched to paper-based document management. This time the consequences could be even more serious, in particular for the image of the Russian Federation as a digital state and the ability to protect critical infrastructure.

UPD 30.07, 15:47 Despite experts' forecasts of months for recovery, Aeroflot announced that it had completely stabilized the schedule in just two days. On July 29, the airline operated all 216 paired flights from Moscow and 73 regional flights bypassing the capital. As of July 30, the system already has 241 paired flights from Moscow and another 73 interregional ones. This was reported by the company’s press service.

We previously wrote about how, as a result of a special operation, cyber specialists from the Main Intelligence Directorate of Ukraine gained full access to the servers of the «government» of Crimea, where data on military facilities and logistical supply routes for enemy troops were stored.
