Ukrainian hackers have targeted Russia’s largest airline, causing flights across the country to be grounded.
Pro-Ukrainian hacking group Silent Crow announced the cyber attack in a post on Telegram, saying it had stolen data and “destroyed” the airline’s systems.
“Together with our colleagues from Cyberpartisans BY … we announce the successful completion of a long-term and large-scale operation, which resulted in the complete compromise and destruction of the internal IT infrastructure of Aeroflot … — Russian Airlines,” the translated Telegram post said.
“For a year, we were inside their corporate network, methodically developing access, delving into the very core of the infrastructure.”
The threat actors said that they accessed and exfiltrated full flight history databases; compromised critical corporate systems, including “CREW, Sabre, SharePoint, Exchange, KASUD, Sirax, CRM, ERP, 1C, DLP and others”; gained access to and control of employees’ personal devices, including those of senior management; copied wiretapping server data, which included telephone conversation recordings; and exfiltrated data.
“We gained access to 122 hypervisors, 43 ZVIRT virtualization installations, about a hundred iLO interfaces for server management, 4 Proxmox clusters. As a result of the actions, about 7,000 servers were destroyed – physical and virtual. The volume of information obtained is 12 TB of databases, 8 TB of files from Windows Share, 2 TB of corporate mail,” the group said.
“All these resources are now inaccessible or destroyed, recovery will require, possibly, tens of millions of dollars. The damage is strategic.”
The group threatened Russian cyber defence agencies, saying they were unable to defend their critical infrastructure, adding that they were under long surveillance and would publish the data in the future.
“We did not just destroy the infrastructure – we left a trace. Glory to Ukraine! Long live Belarus,” the group added.
“The personal data of all Russians who have ever flown Aeroflot have now also gone on a trip – albeit without luggage and one way.”
Aeroflot’s website was down earlier but has been restored at the time of writing. However, access is first met with a message, which, when translated from Russian, said: “Your web browser will now be tested. Please wait for the page to load.”
According to a statement by the Russian Prosecutor General’s Office, the attack led to 80 flights being delayed and 60 being cancelled.
According to the Associated Press, the airline cancelled over 100 flights.