Aeroflot data leaked on dark web despite denials by Russian government


The Russian government is firmly denying claims of a cyber attack targeting its national airline, Aeroflot. However, the situation has taken a turn: Ukrainian and Belarusian hacker groups known as Cyber Partisans and Silent Crow have publicly released a large dataset of purportedly stolen information. The data, they claim, is linked to Aeroflot and includes sensitive flight history records, notably from the past few years, of Sergei Alexandrovsky, the CEO of the airline.

In response to the allegations, Russian media outlets under the oversight of Roskomnadzor, the country’s communications regulatory authority, have dismissed the cyber attack narrative. Instead, they attribute the data breach to a technical malfunction, claiming that the leak occurred due to an IT failure rather than a targeted hacking operation. This official stance, however, does little to quell suspicions fueled by certain media outlets and factions that allege Moscow and its Federal Security Service (FSB) may be trying to cover up the truth.

Upon further investigation of the screenshots shared by the hackers on various social media platforms, it appears that the flight history data is indeed authentic and directly connected to Sergei Alexandrovsky. This revelation has only added fuel to the fire, raising concerns about the security vulnerabilities that could allow such sensitive information to be exposed. The fallout from this cyber attack has been severe. Over 100 flights were grounded as a result, and a staggering 7,000 servers were reportedly compromised, including those related to surveillance systems, wire banking operations, employee databases, and flight history logs.

In a related development, Microsoft issued a statement revealing that another Russian-linked hacking group, Secret Blizzard, has launched a new cyber campaign targeting foreign embassies in Moscow. This attack, which is believed to be part of a broader espionage operation, was cleverly disguised as an update for the Kaspersky Anti-malware software. However, the update was, in fact, a cover for deploying malicious files onto the servers of the embassies, potentially compromising sensitive diplomatic communications and intelligence.

Secret Blizzard, which is reportedly funded by Russia’s FSB, is notorious for its history of conducting cyber espionage operations. Since February 2025, the group has been infiltrating embassy servers in Moscow, deploying the sophisticated ApolloShadow malware to harvest intelligence and disrupt digital operations. The scope of this attack has raised concerns about the increasing sophistication of Russian cyber operations.

Adding a layer of complexity to the situation, this latest disclosure from Microsoft comes on the heels of accusations from China. Beijing has accused U.S. intelligence agencies of exploiting vulnerabilities in Microsoft’s SharePoint server software to infiltrate Chinese military servers since 2023. The timing of these accusations, alongside ongoing international cyber tensions, highlights the increasingly precarious state of global cyber security.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
