Hackers claim complete destruction of Aeroflot’s IT systems: flights canceled, shares plunge

The pro-Ukrainian hacker group Silent Crow, together with the Belarusian movement Cyber Partisans, has claimed a successful cyberattack on Aeroflot. According to them, the company’s internal IT infrastructure was completely destroyed as a result of a lengthy operation. The hackers said they had been inside the corporate network for a year, gradually deepening access all the way to the core – the Tier0 level.
They said they obtained a full array of flight history databases and compromised all of the airline’s key systems. The list of compromised platforms includes CREW, Sabre, SharePoint, Exchange, CASUD, Sirax, CRM, ERP, 1C, DLP and others. In addition, the hackers claim to have gained control of employees’ personal computers, including those of senior executives.



They were also able to obtain data from wiretap servers, including audio recordings of phone calls and intercepted messages. Camera recordings and personnel monitoring data were extracted from surveillance systems. Access was gained to 122 hypervisors, 43 ZVIRT installations, about a hundred iLO interfaces, and four Proxmox clusters. The attack resulted in the destruction of about 7,000 physical and virtual servers. The total amount of information obtained, according to the hackers, amounted to 12TB of databases, 8TB of Windows Share files and 2TB of corporate email.

The hackers claim all of these resources are now destroyed or completely inaccessible, and recovery could require tens of millions of dollars. They call the incident a “strategic loss” to Aeroflot and the entire public sector digital circuit.
Aeroflot has canceled dozens of flights since the morning of July 28, attributing the cancelations to a “failure of information systems.” According to official data, 42 pairs of flights were canceled at Moscow’s Sheremetyevo airport alone, including routes to Yekaterinburg, Astrakhan, Kazan, Grozny, Mineralnye Vody, Minsk, Yerevan, and other cities.
The departure board at Sheremetyevo showed a significant number of flights in red, and queues of passengers demanding refunds formed at check-in counters.

Aeroflot shares fell more than 3% amid mass flight cancelations and reports of hacking. There has been no official comment from the airline’s representatives on the attack.
If the attack is confirmed by independent sources, it could become one of the most serious cybersecurity incidents in the history of Russian civil aviation.
According to the airline, the attack was confirmed by an independent source.
The article “Hackers claim Aeroflot’s IT systems completely destroyed: flights canceled, stock plunges” was first published on ITZine.ru.