
By Daria Dergacheva
Silent Crow and Cyber Partisans, two groups of anonymous Belarusian hackers living abroad and fighting against the Belarusian and Russian dictatorships, recently claimed responsibility for an attack on the IT infrastructure of Aeroflot, Russia's flagship airline.
From the hackers’ perspective, the attack was a demonstration of the “insignificance” of the digital security of key Russian systems. On July 28, the Russian airline reported disruptions in its information systems, which led to widespread flight cancellations and delays.
According to information on the airline’s website, 19 Aeroflot flights and those of its subsidiary, Rossiya Airlines, were canceled from Moscow, and 16 were delayed. Going in the opposite direction, 16 flights were canceled and 27 delayed. In St. Petersburg, six flights under the SU code — the International Air Transport Association (IATA) flight designator for Aeroflot — were canceled and nine delayed; four and 16 flights respectively were affected on the return route. Aeroflot announced a “forced adjustment to the flight schedule” due to “disruptions in service operations.”
Later, a statement appeared on the Silent Crow Telegram channel, where the group claimed responsibility for a “prolonged and large-scale operation” against the airline's information technology (IT) systems. According to the statement, the hackers had been inside the company's corporate network for a year, during which time they had gained access to key infrastructure nodes, including Tier0 — critical infrastructure with the highest level of risk if infiltrated.
The hackers say critical systems were compromised and partially destroyed, including flight history databases, crew management systems, and more. They also claim to have gained access to employees’ personal computers, including those of company leadership, as well as to wiretapping servers and internal communications.
The groups added that around 7,000 physical and virtual servers were destroyed, while the total volume of data obtained amounted to approximately 22 terabytes, inclusive of databases, email, and file storage systems. By their estimates, the reported damage could reach tens of millions of US dollars.
Emphasizing that the operation was directed against Russian security and cyberstructures, including the Federal Security Service of the Russian Federation (FSB), the National Coordination Center for Computer Incidents (NCCCI), and others, the hackers described the attack as a “direct message” about the ineffectiveness of existing cybersecurity measures in Russia and stated that “the personnel of the repressive apparatus have long been under surveillance.”
The groups also announced plans to publish part of the obtained data, saying, “We didn't just destroy the infrastructure, we left a trace.”
[GlobalVoices/VS]