Russian airline giant Aeroflot just got completely compromised. Hacker groups Cyber Partisans and Silent Crow claim they infiltrated the company’s core IT systems (Tier 0) for over a year — without being noticed.
What they claim to have accessed:
- Entire flight history databases
- Surveillance systems and employee monitoring tools
- Wiretapping servers with recorded calls and internal communications
- Personal computers of executives and top management
- All mission-critical infrastructure
They promise to publish portions of the data soon.
Meanwhile, around 50 flights were canceled today out of Sheremetyevo Airport. Aeroflot offers no comment on the breach — only asks passengers to leave the terminal.
So how did this happen?
Simple: Basic cybersecurity rules were ignored.
As I’ve said before — DNS misconfigurations are the first door in. Doesn’t matter how many fancy certificates your “CISO” team holds — if you’re lazy, you’re exposed. And these hackers didn’t need 0days or magic malware. They likely just used the CISO’s own VPN, passwords, or password manager.
No firewall can protect you from yourself.
This is a wake-up call to every corporation hiding behind shiny tools while ignoring the basics.