Aeroflot attacked by CyberPartisans of Belarus: over 7,000 servers destroyed and offensive messages left
On the night of 27-28 July, hackers from the CyberGuerrillas of Belarus group launched a large-scale cyberattack on the corporate infrastructure of Aeroflot, Russia's largest airline. The attack, according to the cyber guerrillas, completely paralysed the work of the offices in Sheremetyevo and Melkisarovo, and destroyed more than 7,000 servers, workstations and key databases of the company. Some of the systems, including CRM, ERP, Exchange, 1C, Sabre and security systems, were completely wiped using a special algorithm.
The attack was carried out by the Silent Crow hacker group, which had been developing access to Aeroflot's network for months. According to them, the compromise was facilitated by the management's habit of using weak passwords - for example, the company's CEO Sergei Alexandrovsky allegedly hasn't changed his password since 2022.
Screenshot of the "Password" file on the Windows desktop. Illustration: CyberGuerrillas of Belarus
On the morning of 28 July, a message from the hackers appeared on employees' screens, and the company itself admitted to a "technical failure".
Censored image of the message by gg. Illustration: CyberGuerrillas of Belarus
Amid the attack, numerous flights have been cancelled or postponed, Aeroflot's stock market value is plummeting, and the company is preparing for a long recovery period. According to the hackers, a lot of internal information - including employee correspondence, flight history databases and wiretaps - has been saved for future publications.
Many databases, employee wiretaps, emails and much more have been downloaded, expect more leaks!
Who's behind it
The cyberattack was carried out by members of the CyberGuerrillas of Belarus group, who openly stated their goal: to attack all companies in Russia and Belarus that support the Kremlin's dictatorship and threaten the security of Ukraine and Belarus.
"All data is wiped with a special innovative algorithm." Illustration: CyberGuerrillas of Belarus
Consequences
- Complete destruction of Aeroflot's corporate network
- Damage to databases on flights, crews, tickets and other critical systems
- Significant flight delays and financial losses
- A reputational blow to Russia's key transport company
This is one of the largest attacks on Russian infrastructure in recent years. And, judging by the cyber guerrillas' reports, it will not be the last.
Source: CyberGuerrillas of Belarus