Українська правда

Cyberpartisans and the Silent Crow hacker group announce the destruction of Russian airline Aeroflot's IT infrastructure. What is known?

- 28 July, 07:07 PM

Pro-Ukrainian hackers from "Cyberpartisans BY" and representatives of the Silent Crow group announced that they had carried out a long, large-scale operation which, they claim, completely destroyed the internal IT infrastructure of the airline Aeroflot.

According to Reuters, the devastating cyberattack forced Russia's national airline to cancel dozens of flights on Monday.

According to the agency, the Kremlin called the situation alarming, lawmakers called it a wake-up call for Russia, and the local prosecutor's office confirmed that the outage was caused by hacking and opened a criminal case.

Aeroflot shares fell by almost 4%, underperforming the market as a whole, which fell by 1.4%. The hackers published screenshots of file directories from the Aeroflot network and threatened to begin publishing shortly the personal data of every Russian who has ever flown with the airline, as well as intercepted conversations and emails of company employees.

"For a year, we were inside their corporate network, methodically developing access, delving into the very core of the infrastructure — Tier0. In the near future, the publication of part of the data obtained will begin. We did not just destroy the infrastructure — we left a trace. The personal data of all Russians who once flew with Aeroflot have now also set off on a journey — albeit without luggage and one-way," representatives of the Silent Crow group noted.

Photo from the Silent Crow Telegram channel

According to the hackers, they managed to:

▪️obtain and exfiltrate the full array of flight history databases;

▪️compromise all critical corporate systems, including CREW, Sabre, SharePoint, Exchange, KASUD, Sirax, CRM, ERP, 1C, DLP and others;

▪️gain control over employees' personal computers, including those of senior management;

▪️copy data from interception servers, including audio recordings of telephone conversations and intercepted communications;

▪️extract data from employee monitoring and control systems.

Photo from the Silent Crow Telegram channel

"We gained access to 122 hypervisors, 43 zVirt virtualization installations, about a hundred iLO server management interfaces and 4 Proxmox clusters. As a result, about 7,000 servers, physical and virtual, were destroyed. The amount of information obtained was 12 TB of databases, 8 TB of files from Windows shares and 2 TB of corporate mail," representatives of the Silent Crow hacker group said.

The community of anonymous hacktivists Cyberpartisans BY, which since December 2022 has been operating jointly with the Kastus Kalinovsky Regiment (a unit fighting within the Armed Forces of Ukraine), stated that the operation was carried out in close cooperation with Silent Crow.


Photo from the website by.cpartisans.org

"We downloaded a lot of databases, wiretaps of employees, mail and much more. Expect the leaks. We downloaded an array of flight history databases, which can now be used on request for independent investigations. The restoration will take a long time. Most of Aeroflot's data is lost forever. We are helping Ukrainians in the fight against the occupier, paralyzing the largest airline in the Russian Federation and causing huge losses," said Cyberpartisans BY.

Such messages were placed on the computer screens of Aeroflot employees

According to the Belarusian hackers, the intrusion succeeded because some company employees neglected basic password hygiene. For example, they claim, the CEO of Aeroflot had not changed his password since 2022.

"The network uses Windows XP and 2003, which led to the compromise of their entire infrastructure. Thus, we gained control over the personal computers of employees, including top management. We methodically advanced to the core of the infrastructure - Tier0. The cyberattack on Aeroflot's corporate network began on the night of July 27-28. By morning, we had destroyed more than 7,000 servers and workstations, databases and internal systems. All data was erased with a special innovative algorithm," the cyber partisans explained.
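The two weaknesses the attackers name above, end-of-life Windows hosts still joined to the domain and passwords that have not been rotated for years, are both visible in an ordinary Active Directory export. The script below is an added example written for this article, not tooling from Aeroflot, Cyberpartisans BY or Silent Crow. It assumes a CSV export of the attributes `operatingSystem`, `pwdLastSet` and `userAccountControl` (as produced by, for example, `Get-ADComputer` and `Get-ADUser`), decodes the Windows FILETIME timestamp that `pwdLastSet` uses, and flags legacy hosts, stale passwords and accounts whose passwords are set never to expire. The records are constructed for the example; the EOL marker list and the 365-day threshold are assumptions to adjust to local policy.

```python
"""Hygiene check for legacy OS versions and stale passwords in an AD export.

Added example, not code from the article or from any party it describes.
Input: CSV exports of AD attributes (assumed format). Sample rows are constructed.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# userAccountControl bit meaning "password never expires" (ADS_UF_DONT_EXPIRE_PASSWD).
UF_DONT_EXPIRE_PASSWD = 0x10000

# Assumed list of out-of-support OS name fragments; extend for your estate.
EOL_OS_MARKERS = ("windows xp", "windows server 2003", "windows 2003")


def filetime_to_datetime(ft):
    """Convert a FILETIME integer to an aware datetime; 0 means 'never set'."""
    ft = int(ft)
    if ft <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime, used here to build the sample data."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def is_eol_os(os_name):
    name = (os_name or "").strip().lower()
    return any(marker in name for marker in EOL_OS_MARKERS)


def find_legacy_hosts(computers_csv):
    """Return (name, operatingSystem) for every computer object on an EOL OS."""
    hits = []
    for row in csv.DictReader(io.StringIO(computers_csv)):
        if is_eol_os(row.get("operatingSystem")):
            hits.append((row["name"], row["operatingSystem"]))
    return hits


def find_stale_passwords(users_csv, now, max_age_days=365):
    """Flag accounts whose password is older than max_age_days, never set,
    or marked never-to-expire. Returns a list of dicts, one per finding."""
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        last_set = filetime_to_datetime(row["pwdLastSet"])
        uac = int(row.get("userAccountControl") or 0)
        never_expires = bool(uac & UF_DONT_EXPIRE_PASSWD)
        if last_set is None:
            findings.append({"sam": row["sAMAccountName"], "age_days": None,
                             "never_expires": never_expires,
                             "reason": "pwdLastSet is 0 (never set / must change at next logon)"})
            continue
        age_days = (now - last_set).days
        if age_days > max_age_days or never_expires:
            reasons = []
            if age_days > max_age_days:
                reasons.append(f"password {age_days} days old")
            if never_expires:
                reasons.append("password never expires")
            findings.append({"sam": row["sAMAccountName"], "age_days": age_days,
                             "never_expires": never_expires, "reason": "; ".join(reasons)})
    return findings


# ---- constructed sample data (not real Aeroflot data) ----
def _ft(year, month, day):
    return datetime_to_filetime(datetime(year, month, day, tzinfo=timezone.utc))


NOW = datetime(2025, 7, 28, tzinfo=timezone.utc)

COMPUTERS_CSV = (
    "name,operatingSystem\n"
    "CREW-GW01,Windows Server 2003\n"
    "KIOSK-17,Windows XP Professional\n"
    "EXCH01,Windows Server 2019 Standard\n"
    "MGMT-WS02,Windows 10 Enterprise\n"
)

# 66048 = 0x10200 = NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD; 512 = 0x200 = NORMAL_ACCOUNT
USERS_CSV = (
    "sAMAccountName,pwdLastSet,userAccountControl\n"
    f"ceo,{_ft(2022, 3, 1)},66048\n"
    f"svc_sabre,{_ft(2019, 1, 15)},66048\n"
    f"a.ivanov,{_ft(2025, 6, 1)},512\n"
    "new_hire,0,512\n"
)

if __name__ == "__main__":
    for name, os_name in find_legacy_hosts(COMPUTERS_CSV):
        print(f"LEGACY HOST  {name}: {os_name}")
    for f in find_stale_passwords(USERS_CSV, NOW):
        print(f"STALE PASSWD {f['sam']}: {f['reason']}")
```

In a real environment the same queries run directly against the directory; the point of the FILETIME conversion is that `pwdLastSet` is not a Unix timestamp, and a check that treats it as one silently misreports every account.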

Photo from the website by.cpartisans.org

As we wrote earlier, an international special operation in Kyiv recently exposed the developer of a hacking platform with more than 50,000 registered users, among them well-known groups such as REvil, LockBit, Conti and Qilin. Using the forum's "services", cybercriminals attacked automated control systems of banks, government agencies and large corporations in the USA and the EU: they used malicious software purchased on the forum, together with priority access to the computer networks of international companies, to extort money, threatening victims who refused with "dumping" their data online and paralyzing the organization's operations.
