On 28 July, the hacker group Silent Crow, in cooperation with Cyber Partisans BY, breached Aeroflot's [Russia’s largest airline – ed.] internal IT infrastructure and destroyed around 7,000 physical and virtual servers.

This is Silent Crow’s third high-profile attack on Russian institutions in 2025. The group, which publicly announced its activities earlier this year, has shown considerable effectiveness in inflicting damage on Russia in cyberspace.

Ekonomichna Pravda has compiled previous attacks carried out by Silent Crow that preceded Aeroflot's paralysis and outlines them below.

Attack on Aeroflot

According to the hackers, they had been inside Russia’s largest airline's corporate network for a year. As a result, they managed to extract the complete flight history database, compromise critical corporate systems and gain control over employee computers, including those of the company’s top management.

Silent Crow stated that around 7,000 servers – both physical and virtual – were destroyed. The data obtained includes 12 TB of databases, 8 TB of files from Windows Share, and 2 TB of corporate emails. According to the group’s estimates, restoring the systems could cost tens of millions of dollars, and the damage is considered strategically significant for the company.

Russia’s Prosecutor General’s Office confirmed that the disruption was caused by a cyberattack. A criminal case has been launched under Part 4 of Article 272 of the Russian Criminal Code (unauthorised access to computer information).

Aeroflot, along with its affiliated airlines Rossiya and Pobeda, cancelled over 100 flights. According to Russian outlet Kommersant, the airline cancelled 54 round-trip flights, while 206 out of 260 scheduled flights are being prepared for departure.

Attack on Rosreestr

In early January 2025, hackers from Silent Crow targeted Russia’s Federal Service for State Registration, the Land Registry and Cartography (Rosreestr). The group posted a 44.7-GB file on its Telegram channel, containing more than 82 million entries. According to the hackers, the document included the personal data of all Russian citizens.

The leak was first noticed by the Telegram channel Data1eaks, which pointed out that the data in the file was current as of March 2024.

The information included the names, dates of birth, addresses, phone numbers, email addresses, SNILS numbers (Russia’s equivalent of social security numbers), and Rosreestr identification numbers of Russian citizens.

The investigative outlet Agentstvo later verified 15 randomly selected entries and confirmed the individuals named were real. In several cases, property addresses matched actual places of residence.

Rosreestr itself did not confirm the breach, stating only that "an additional review" was being conducted in light of reports circulating on Telegram channels. Silent Crow, however, described the incident as an example of how major state institutions "can collapse within days".

Breach of Rostelecom

On 21 January, Silent Crow carried out another attack – this time targeting Russian telecom giant Rostelecom. The hackers extracted 154,000 email addresses and 101,000 phone numbers of Russian users.

As proof, they posted spreadsheets containing data from users who had submitted queries via the feedback form on the company’s website. All records were dated 20 September 2024. According to Data1eaks, the group gained access to both user queries and the database of the public procurement portal operated by Rostelecom.

The company acknowledged the data leak but shifted the blame to "the infrastructure of one of its contractors".

The group's other declared targets include the Moscow Department of Information Technology, Kia Russia and Alfa-Bank, Russia’s largest private bank.

Who are Silent Crow?

The Telegram channel used by the group to publish all their statements was created only in late December 2024. Silent Crow has not officially disclosed its origins, and no government agency has yet identified their exact location.

The group currently presents itself as pro-Ukrainian hacktivists operating against Russia and its allies. Their approach is typical of hacktivist groups rather than criminal or state-backed actors: they do not demand ransoms, they act publicly and release the stolen data openly. Their actions aim to exert deliberate information pressure rather than achieve financial gain.

Their most recent operation – the attack on Aeroflot, carried out in cooperation with the Belarusian group Cyber Partisans – suggests possible coordination between regional hacktivist communities.

Background : On the morning of 28 July, Russian airline Aeroflot cancelled nearly 50 flights due to a failure in its information systems. Pro-Ukrainian hackers Silent Crow and Cyber Partisans BY claimed responsibility for the attack.

Support Ukrainska Pravda on Patreon !