Belarusian hackers take credit for Aeroflot cyberattack

A group of Belarusian hackers has claimed responsibility for a powerful cyberattack on Aeroflot, Russia’s largest airline. The group, known as Silent Crow, said the operation was not only meant to cause damage but also to send a clear warning to Russian authorities.

In a statement posted on the encrypted messaging app Telegram, Silent Crow revealed that it had secretly gained access to Aeroflot’s systems and stayed inside for nearly a year. During this time, the group says it mapped out the airline’s entire IT network and carefully prepared for the attack.

“We didn’t just hack them. We lived inside their system,” the hackers wrote. According to their message, the attack was carefully planned to show how weak and outdated Russia’s digital security really is.

Silent Crow was joined in the operation by Cyber Partisans, another hacker group made up of Belarusians living in exile. Both groups oppose the governments in Belarus and Russia and have been carrying out digital attacks as part of their resistance.

Hackers claim access to top-level systems and private data

The hackers said they accessed Tier0 infrastructure, the most critical level of an organization’s digital system. Tier0 access means control over core functions, such as user identities, security permissions, and key internal servers. If true, this would give the attackers nearly complete control over Aeroflot’s digital operations.

They also claimed to have taken over employee computers, including those used by the airline’s top leadership. According to Silent Crow, they viewed private company files, monitored internal communication channels, and even accessed wiretapping servers.

Belarusian hackers destroy Aeroflot servers, steal 22 terabytes of data in targeted cyber operation

The hackers said they destroyed around 7,000 servers, both physical and virtual. They also claim to have stolen 22 terabytes of data. This includes databases, emails, internal chats, and other company documents.

The group estimates the total damage could cost Aeroflot tens of millions of U.S. dollars. More importantly, they said the attack was a way to expose the failure of Russian cybersecurity systems.

“This was a message to Russia’s security agencies. Your systems are not safe,” they said.

Attack caused major flight delays across Russian airports

The cyberattack had real-world consequences. On July 28, Aeroflot announced that its information systems had been disrupted. This led to a wave of flight cancellations and delays across airports in Moscow and St. Petersburg.

From Moscow, 19 flights were cancelled and 16 were delayed, while 16 more were cancelled on the return leg. In St. Petersburg, 6 Aeroflot flights were cancelled and 9 delayed, along with more delays on flights heading back.

Aeroflot blamed the problems on a “forced adjustment to the flight schedule,” but gave few details. As travelers waited in terminals, Silent Crow released its public statement taking credit for the attack.

The hacker groups said this operation was also aimed at Russia’s cybersecurity agencies, including the Federal Security Service (FSB) and the National Coordination Center for Computer Incidents (NCCCI).

They ended their message by saying they plan to leak parts of the stolen data in the future. “We didn’t just destroy the infrastructure. We left a trace,” the message read.