First Drones, Then Cyber Attacks; Aeroflot Under Siege From Ukrainian Hackers
August 5, 2025
The latest turn in Russia’s ongoing invasion of Ukraine has been increased activity behind its own borders, with the aviation sector as a particular target of focus. Already heavily attacked by drones, Moscow is now also dealing with Ukrainian hacktivists launching damaging cyber attacks.
The group Silent Crow took credit for a recent attack on major regional airline Aeroflot, an apparent ransomware attack that caused a rash of flight cancellations and delays. This is no shakedown, however; the Ukrainian hackers have announced their intention to destructively target Russian critical infrastructure and have been doing a capable job of it since the beginning of the year.
Aeroflot attack results in flight cancellations, loss of online services
The Aeroflot disruptions began on July 28 and stretched into July 29. Passengers reported being unable to log into their online accounts or use the ticket refund feature, and the airline ultimately canceled about 54 of its flights on the first day and 53 in total (including inbound flights to Moscow operated by subsidiary Rossiya Airlines) on the second day. Delays, sometimes stretching to hours, were also reported for other flights.
As of the 29th, Aeroflot said that it had restored its internal systems. However, the airline has released little specific information about the cyber attack. The hackers themselves have heavily implied that destructive ransomware was deployed, not just to cripple the airline’s operations but to steal passenger and internal company information. They are also claiming that the airline has reverted to manual operations behind the scenes to keep things running, something that would cost it a great deal of extra money.
Residents of Russia have come to expect that drone attacks might disrupt their travel in and out of Moscow in recent months, with a particularly big one taking place in early July that also led to a rash of flight cancellations. But aggressive cyber attacks have more frequently struck Ukraine’s infrastructure in this way since the beginning of the war. There is not yet any real evidence that Silent Crow is state-sponsored, but its successful operations since 2024 read like the resume of at minimum a top-class ransomware outfit if not a group backed by the resources of an intelligence agency.
Effective string of cyber attacks brings Russian civilian data into the war
Silent Crow claims to be purely a private hacktivist group, and some security research does trace its origins to a seemingly grassroots eruption of such groups in mid-2022, not long after the invasion began. The group has stood out of late with its successful campaign against high-profile targets, however, beginning with an announcement of its intent to make war on Russian critical infrastructure near the end of 2024.
Its first big breach was Russia’s Federal Service for State Registration, which manages the country’s social security programs and pension contributions. This resulted in the theft and leaking of a total of about two billion records, including the SNILS social security numbers for about 80,000 to 90,000 people. The group has also since launched successful cyber attacks against Moscow’s Department of Information Technologies, Rostelecom, Alfa Bank and automaker Kia’s Russian arm among other targets.
Aeroflot will only confirm that it had a “failure” of information systems, while Silent Crow is claiming that they destroyed over 7,000 company servers and stole a variety of emails, messages and internal sensitive information, including the company’s full customer database. The hackers also claim that they spent a year reconnoitering and planning the Aeroflot cyber attack while having a foothold in its systems, which is believable given the level of damage done and the group’s prior actions. The incident demonstrates what security teams in private industry that might be targeted, particularly critical infrastructure companies, must anticipate when their countries are embroiled in an all-out shooting war.



