Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations

The hacker groups Silent Crow and Cyber Partisans BY have claimed responsibility for a large-scale cyberattack on one of Russia’s key state-owned companies – the Aeroflot airline.

This was reported on Silent Crow’s official Telegram channel.

The attack resulted in the destruction of approximately 7,000 physical and virtual servers, as well as the cancellation of at least 42 round-trip flights from Moscow to cities such as Yerevan, Minsk, Yekaterinburg, Grozny, Kaliningrad, Mineralnye Vody, and others.

Additionally, the hackers reportedly destroyed around 7,000 physical and virtual servers, exfiltrated over 22 terabytes of data – including flight records, internal emails, and corporate documents – and gained access to 122 hypervisors, numerous virtualization clusters, and remote management servers.

The hackers claimed to have compromised all of the company’s critical systems, including CRM, ERP, Sabre, 1C, CREW, Exchange, personnel tracking and monitoring systems, as well as stolen data from servers used for surveillance and monitoring.

Update 21:00 with comment from Sabre representative

Sabre Corporation has clarified to Militarnyi that Aeroflot does NOT run on Sabre.

“We are not associated with this issue. While I understand that hackers have claimed this in their statement, we can confirm that this is not true,” said Cassidy Smith-Broyles, Global Director of Public Relations and External Affairs at Sabre Corporation.

According to them, restoring the infrastructure will require tens of millions of dollars, with the damages described as strategic in scale.

They referred to the attack as a ‘direct message’ to the FSB, the National Coordination Centre for Computer Incidents (NCCC), and other Russian cybersecurity agencies – highlighting their inability to protect even the country’s most vital assets.

It was also stated that the personal data of all Russian citizens who have ever flown with Aeroflot had been compromised, and that the publication of part of the obtained materials would begin in the near future.

In June, Ukrainian cybersecurity specialists carried out an attack on the resources of the Tupolev Design Bureau – a leading Russian aerospace manufacturer.

The hackers reportedly gained access to critically important information from the producer of Russia’s strategic aviation, totaling over 4.4 GB.

This included internal correspondence between the company’s leadership, personal data of design bureau staff, residential addresses, engineers’ and designers’ CVs, procurement-related documents, records of closed-door meetings, and more.

As a symbolic conclusion to the operation, the Defence Intelligence of Ukraine hacked the official Tupolev website, posting an image on the homepage of an owl clutching a Russian aircraft in its talons.