Russia’s largest airline went dark on July 28. Aeroflot’s internal systems were breached, locked, and shredded. The attackers say they had access for nearly a year. They moved through flight records, employee logs, internal comms. The group calls itself Silent Crow. Pro-Ukraine. Tied to Belarusian hackers. The Russian Prosecutor General’s Office confirmed the intrusion. No walk-back. No media spin. Just a criminal case and thousands of passengers stuck.
The breach didn’t need malware. A password opened the door. CEO Sergei Alexandrovsky hadn’t changed his login in 3 years. No symbols. No caps. The system still ran Windows XP. Not a nickname. That’s the actual OS. Silent Crow posted screenshots of Active Directory and internal user lists. They say they wiped every endpoint they touched. Russian terminals lit up with error codes. Sheremetyevo canceled 42 flights. No reroutes. No refunds. People were told to leave and dial a dead hotline.
Silent Crow claims control of 7,000 servers. They say they pulled flight histories, locked up backup files, and wiped out the SAP core. They accessed surveillance feeds and employee monitoring tools. Recovery costs could hit eight figures. Aeroflot hasn’t confirmed a number. Kremlin spokesman Dmitry Peskov called it “alarming.” That was the full comment.
Footage from Moscow showed frozen boards and full terminals. No agents. No audio. Travelers told to request refunds online. The site was down. It still is. A “temporarily restricted” banner replaced the booking page. No ETA. No press briefing. No admission of what broke.
Silent Crow says the data will be published. No date given. Russian news outlets went quiet. No clips. No statements from victims. No mention of the CEO’s login credentials. Belarusian collective Cyber Partisans confirmed the op. They say this was strategic. Infrastructure disruption, not chaos for its own sake.
The question is why Aeroflot still runs XP. Released in 2001. Support ended in 2014. Yet in 2025, it’s still bolted into core networks. Upgrades are expensive. Not upgrading is now more expensive. The breach exposed everything. No firewall. No patches. Just an old password and a forgotten system.
Flights are still grounded. Travelers are still stuck. No timeline. No plan. Silent Crow says restoration isn’t possible. Russian officials say they’re investigating. No suspects named. No arrests. Just black screens and a broken airline.