Ukrainian and Belarusian hackers laid low the Kremlin flagship airline Aeroflot on Monday, wiping databases, publishing passwords, stranding thousands of travelers and demolishing the IT infrastructure of Russia’s biggest air passenger carrier.

The massive cyber-attack brought Aeroflot freight flights – also the nation’s largest – to a near standstill, aviation news platforms said. Hackers responsible for the attack claimed most of Aeroflot’s digital database was irrevocably erased.


The digital assault hit Aeroflot servers during the night of July 28. The main targets were company communications and data-transfer infrastructure in airports in Moscow and Petersburg, and Aeroflot corporate headquarters.

The attack shut down airline computers at both airports, at Aeroflot branch offices, and at corporate headquarters at Melkisarovo near Sheremetyevo airport. Moscow media reported the entire Aeroflot headquarters complex had its electricity shut off to prevent further access to compromised systems. Staff said they had been told not to access company networks, including email.

This snarky image published by the Belarusian cyber resistance group Cyberpartisans on Monday led an article detailing a massive hack attack against the Russian flagship airline Aeroflot. The two “pilots” at the right of the image are the Ukrainian actor/comedians Aleksy Agopyan (Navigator Drinkens) and Yury Stytskovsky (Commander, no surname) performing in the 1990s-era spoof aircraft disaster series “Nose Dive.” The show was wildly popular across the former Soviet space and is still in reruns in Russia and Ukraine.


The collapse of access to Aeroflot server-based information made it effectively impossible to refuel aircraft, determine crew location, identify aircraft needing maintenance, track crew rest or even find registered passenger lists.

The independent Russian news agency Astra citing the hackers reported the attack had practically destroyed Aeroflot’s internal IT infrastructure and wiped clean 7,000 servers. Deutsche Welle Belarus citing an interview with one of the hackers reported the attack hit 8,000 computers (PCs and servers) using a hundred different operating programs.

Aeroflot staff turning on computers could only reach a main screen on which two hacker groups took credit for the attacks. A screen shot of the start-up image, posted by the Belarusian hacktivist group Cyberpartisans, showed a plummeting airplane and vulgar language lampooning Aeroflot security.

A statement on the hackers’ website said the group teamed up with a long-established Ukrainian cyber guerilla group called Silent Crow to breach and exploit Aeroflot security for more than twelve months, before moving to shut down the airline’s data-sharing networks on Monday.

The groups said they were able to break into Aeroflot data networks because of “poor password security,” including by Aeroflot CEO Sergei Aleksandrovskiy who, per the hackers, had not changed his password since 2002. Primitive operating systems used across Aeroflot – Windows XP and 2003 – helped the hackers gain access to the company’s entire digital network, the statement claimed.

The attackers injected an “innovative special algorithm” into corporate networks that erased all data in Aeroflot-operated CREW, Sabre, Sharepoint, Exchange, KASUD, Sirax, Sofi, CRM, ERP, 1C, and even security systems, wiping clean all data used by those airline information-sharing programs without chance of recovery, the statement claimed in part.

Local news reported more than 50 Aeroflot flights canceled over the day and thousands of air travelers stranded in major airports across Russia’s thirteen time zones.

Open source flight tracking data platforms showed a sharp drop in Aeroflot flights over Russian Federation air space starting at about 05:00 UTC. The first official Aeroflot messages to passengers about the hacking assault, “possible errors in (Aeroflot) servers…requiring possible timetable correction” went out about an hour later.

Screen grab of frustrated travelers waiting to re-book tickets at Sheremetyevo airport, Moscow, from open source video on X, Monday.

The airline’s instructions told passengers they could stay current on flight schedules by checking information boards at airports, or by listening for announcements. Travelers posted images of lengthy queues at Aeroflot desks, where passengers were attempting to reschedule or obtain a cancelled-flight voucher, along with complaints that luggage service had stopped and airport air conditioning was shut off.

Over the course of the day 52 passenger flights – about half of Aeroflot’s normal schedule – were cancelled. The RBC news agency reported the airline’s income loss over the day at between 259 million and 500 million rubles ($3.15-$6.15 million). The attack caused Aeroflot stock to plummet 3.9 percent on the day, Moscow Times reported, calling the hacker assault “a serious disaster for the state-owned airline.”

Limited service continued throughout the day and into Tuesday. Aeroflot was operating at limited capacity and prioritizing flights to Russia’s otherwise poorly serviced Caucasus region, to Siberia, Russia’s Far East and to selected international routes, a Monday Transport Ministry statement said.

Other major Russian air passenger carriers like S7 Airlines, Ural Airlines, Utair and Smartavia appeared to be operating normally. Aside from air travelers, Aeroflot is Russia’s second biggest transporter of air freight. There were no early reports about possible effects the hack had, if any, on those aircraft streams.

Aeroflot’s main website was inaccessible on Tuesday. Websites for the Aeroflot subsidiaries Rossiya Airlines and Pobeda airlines appeared on Tuesday to be functioning normally.

Russian political scientist Sergei Markov, a longtime advisor in Kremlin circles, said in a comment published on his personal Telegram channel that the punishing cyber assault on Aeroflot had exposed complacency by corporate leadership and an unwillingness to acknowledge that a war was on. Russia’s western enemies lay behind the attack, he claimed.

Markov said: “Huge chaos. Apparently, Aeroflot managers, like normal millionaires, all hoped that the conflict with the West would end soon…(I)t Because this is a conflict nobody needs…But it turned out they had to defend against the intelligence services of terrorist states. They were completely unprepared for that. Well, now everything will be explained to them!”

The Cyberpartisans statement said its operators had copied and archived all Aeroflot corporate data, and would be making public selections from that database in coming weeks and months.