"Aeroflot attacked by CyberPartisans of Belarus: over 7,000 servers destroyed and offensive messages left

By: Anry Sergeev | 28.07.2025, 13:57
A mysterious collage featuring Aeroflot: unravelling the mystery Collage with an Aeroflot plane. Source: КиберПартизаны Беларуси

On the night of 27-28 July, hackers from the CyberGuerrillas of Belarus group launched a large-scale cyberattack on the corporate infrastructure of Aeroflot, Russia's largest airline. The attack, according to the cyber guerrillas, completely paralysed the work of the offices in Sheremetyevo and Melkisarovo, and destroyed more than 7,000 servers, workstations and key databases of the company. Some of the systems, including CRM, ERP, Exchange, 1C, Sabre and security systems, were completely wiped using a special algorithm.

Illustration: CyberGuerrillas of Belarus
Image description. Illustration: CyberGuerrillas of Belarus

The attack was carried out by the Silent Crow hacker group, which had been developing access to Aeroflot's network for months. According to them, the compromise was facilitated by the management's habit of using weak passwords - for example, the company's CEO Sergei Alexandrovsky allegedly hasn't changed his password since 2022.

Screenshot of the 'Password' file on the Windows desktop. Illustration: CyberGuerrillas of Belarus
Screenshot of the "Password" file on the Windows desktop. Illustration: CyberGuerrillas of Belarus

On the morning of 28 July, a message from hackers appeared on the screens of employees, and the company itself admitted to a "technical failure".

Censored by gg editorial image of the message. Illustration: CyberGuerrillas of Belarus
Censored image of the message by gg. Illustration: CyberGuerrillas of Belarus

Amid the attack, numerous flights have been cancelled or postponed, Aeroflot's stock market value is plummeting, and the company is preparing for a long recovery period. According to the hackers, a lot of internal information - including employee correspondence, flight history databases and wiretaps - has been saved for future publications.

Many databases, employee wiretaps, emails and much more have been downloaded, expect more leaks!

Who's behind it

The cyberattack was carried out by members of the CyberGuerrillas of Belarus group, who openly stated their goal: to attack all companies in Russia and Belarus that support the Kremlin's dictatorship and threaten the security of Ukraine and Belarus.


"All data is wiped with a special innovative algorithm." Illustration: CyberGuerrillas of Belarus

Consequences.

  • Complete destruction of Aeroflot's corporate network
  • Damage to databases on flights, crews, tickets and other critical systems
  • Significant flight delays and financial losses
  • A reputational blow to Russia's key transport company

This is one of the largest attacks on Russian infrastructure in recent years. And, judging by the cyber guerrillas' reports, it will not be the last.

Source: CyberGuerrillas of Belarus

Announcements Safety and hackers Military
Latest news
Latest reviews
Latest articles
Latest Discussions