Hackers crippling Russia's Aeroflot airline in a series of three significant attacks over the past six months: an overview of the cybercriminals behind these disruptive incidents
Anonymous Pro-Ukrainian Hackers Strike Russian Institutions
A mysterious hacker group known as Silent Crow has been causing havoc in the Russian cyber landscape, targeting major state institutions and corporations. The group, which presents itself as pro-Ukrainian hacktivists, has been operating since late 2024, leaving a trail of high-profile cyberattacks in its wake.
In July 2025, Silent Crow made international headlines when it claimed responsibility for a strategic cyberattack on Russia’s flagship airline, Aeroflot. The attack resulted in the cancellation of over 100 flights, causing tens of millions of dollars in damages and raising alarm bells in the Kremlin.
Silent Crow reported having maintained access to Aeroflot’s network for about a year, gaining control over critical infrastructure, employee computers, and sensitive data, including passenger flight histories and audio recordings of staff conversations. The group described the attack as a “political message” without demanding ransom, indicating a politically motivated hacktivist agenda focused on destabilizing Russian government-affiliated entities.
The group also collaborated with the Belarusian hacktivist group Cyber Partisans in the Aeroflot attack. Cyber Partisans, which emerged from Belarusian opposition movements, have a history of cyber operations against Belarusian and Russian authorities.
Prior to the Aeroflot attack, Silent Crow targeted Russia's Federal Service for State Registration, the Land Registry and Cartography (Rosreestr), and Rostelecom, the largest Russian telecommunications provider, in January 2025. In the Rostelecom attack, Silent Crow extracted 154,000 email addresses and 101,000 phone numbers of Russian users, as well as user queries and the database of the public procurement portal operated by Rostelecom.
The group's activities have been met with concern by Russian authorities. The Russian Prosecutor General’s Office confirmed the disruption was caused by a cyberattack and launched a criminal case under Part 4 of Article 272 of the Russian Criminal Code. However, no government agency has yet identified the exact location of Silent Crow.
Rostelecom acknowledged the data leak but blamed it on "the infrastructure of one of its contractors". An investigative outlet, Agentstvo, verified 15 randomly selected entries and confirmed the individuals named were real. In several cases, property addresses matched actual places of residence.
As of now, Silent Crow's other declared targets include the Moscow Department of Information Technology, Kia Russia, and Alfa-Bank. The group does not demand ransoms, acts publicly, and releases the stolen data openly, aiming to exert deliberate information pressure.
In conclusion, Silent Crow represents a politically motivated, highly skilled, and covert hacker collective targeting Russian governmental and corporate infrastructure amid the ongoing Russia-Ukraine conflict and regional tensions. The group's actions have caused significant disruption and raised concerns about the security of critical infrastructure in Russia.
| Aspect | Details | |-------------------------------|-------------------------------------------------------------------------------------------------| | Identity | Unknown pro-Ukrainian hacker group, politically motivated | | Notable operations | Hacking Aeroflot (July 2025), Rosreestr, Rostelecom (January 2025) | | Attack scope on Aeroflot | One year’s network access, control of 7,000 servers, 22 TB data stolen, audio recordings taken | | Motive | Political message, destabilization, no ransom demands | | Collaborators | Worked with Belarusian group Cyber Partisans, known for opposition hacktivism | | Impact of Aeroflot attack | Cancellation of over 100 flights, tens of millions of dollars in damages, Kremlin alarmed | | Destroyed servers | Around 7,000 physical and virtual servers | | Data leaked from Rostelecom | 154,000 email addresses and 101,000 phone numbers of Russian users, user queries, and the database of the public procurement portal |
- The hacker group Silent Crow, known for its pro-Ukrainian stance, has been causing disruptions in the Russian economy by targeting technology infrastructure of major institutions and corporations.
- The government of Russia has expressed concern over Silent Crow's activities, particularly after the group collaborated with Cyber Partisans to hack Aeroflot in July 2025, causing enormous financial losses and disrupting general-news headlines.
- In the health sector, Silent Crow's cyberattack on Aeroflot led to the theft of sensitive data including passenger flight histories, raising questions about potential misuse of this information and compromising individual privacy.
- As cybersecurityconcerns escalate, Silent Crow's politically motivated actions underscore the growing threat of hacktivism in the context of regional tensions and international conflicts.
