Date: 2025-07-28

Belarusian hackers with «Cyber guerrillas BY» and Silent Crow claimed responsibility for the attack on Russian «Aeroflot» and shared its details. They claim that the company’s internal IT infrastructure was completely compromised and destroyed. As a result, «Aeroflot» reported a failure in its information system, which forced it to delay or cancel dozens of flights.

The hackers reported that they had been inside the corporate network of «Aeroflot» for a year. They gradually expanded their access and eventually reached the most critical level of infrastructure — Tier 0. In the end, they managed to:

get a full array of databases with the history of all air travel;

hack all key corporate systems: CREW, Sabre, SharePoint, Exchange, CASUD, Sirax, CRM, ERP, 1C, DLP, etc.;

establish control over employees’ personal computers, including top management;

copy data from listening servers — including audio recordings of phone calls and intercepted messages;

extract data from personnel surveillance and monitoring systems;

gain access to important components of the IT infrastructure.

As a result of the attack, the hackers destroyed approximately 7 thousand physical and virtual servers. The stolen information totals 12 TB of databases, 8 TB of files from Windows file shares, and 2 TB of corporate mail.

These resources are either destroyed or completely out of service. Restoring the infrastructure will likely require tens of millions of dollars. According to the hackers, their attack on the company’s IT infrastructure has strategic implications.

In the near future, the hackers will start publishing parts of the data they have obtained.

Additionally, «Cyber guerrillas BY» and Silent Crow ridiculed the inability of the FSB, NCCCI, RT-Solar and other «cyber defenders» to ensure the security of even the most important systems.

This cyberattack is one of the largest operations against the critical IT infrastructure of a large Russian state-owned company. It demonstrates the vulnerability of Russian digital systems, even at the strategic level. It also confirms that cyber warfare has become no less real and destructive than traditional warfare — with consequences for millions of people.