Russia faces retaliation from Ukraine as a cyberattack is launched against their forces in Crimea. Independent hackers also target Aeroflot, resulting in the grounding of multiple planes.
In a series of coordinated cyberattacks, pro-Ukrainian hacking groups, including the Silent Crow and the Belarusian Cyber Partisans, targeted Russia's flagship airline, Aeroflot, in July 2025. This sophisticated operation, which reportedly took a year to prepare, resulted in the destruction of Aeroflot's core IT infrastructure and the grounding of dozens of flights.
The hackers infiltrated more than 7,000 servers, stealing over 20 terabytes of sensitive data. Critical systems such as Sabre reservation, SharePoint, and Exchange email servers were compromised, operating at the highest administrative privilege level within the airline’s network. This attack caused massive disruption primarily at Moscow’s Sheremetyevo Airport, with 42-49 flights being cancelled.
The attackers, known for their combination of hacking techniques and physical sabotage, aimed to undermine Russian military and civilian infrastructure in response to the ongoing conflict. Beyond Aeroflot, other significant Russian infrastructure, such as Moscow’s largest pharmacy chains, were also disrupted around the same time.
Organizations face a challenging situation when dealing with DDoS attacks. Assuming it is a distraction requires resources to investigate, while assuming it isn't might result in missing signs of a larger operation. In this case, the DDoS attack served as a diversion, allowing the hackers to execute their destructive sabotage.
It is important to note that the cyber conflict between Ukraine and Russia has a complex history, with various pro-Ukrainian hacking groups targeting critical Russian infrastructures. The Silent Crow and the Ukrainian Cyber Alliance, which includes Belarusian activists (Cyber-Partisans), have played key roles in data breaches, DDoS attacks, and destructive sabotage.
As we move forward, it is possible that similar cyberattacks, conducted with or without support from Ukraine's military, may continue in the weeks and months ahead. Organisations must remain vigilant and prepared to respond to such threats.
[1] Source 1 [2] Source 2 [3] Source 3 [4] Source 4
- In the complex realm of international politics and war-and-conflicts, the ongoing cyber conflict between Ukraine and Russia has become a significant concern, involving destructive sabotage and data breaches, as shown in the attacks on Aeroflot and Moscow's largest pharmacy chains. (Source 1, Source 4)
- As technology advances, cybersecurity becomes increasingly crucial in decision-making processes, especially in sectors such as aviation and healthcare, given the potential impact of a cyberattack like the one that disrupted Aeroflot's operations and other critical Russian infrastructures. (Source 3, Source 4)
