Dim Amor
A real drama is unfolding in the world of international aviation following an extensive cyberattack allegedly carried out by a group of Ukrainian and Belarusian hackers. According to their claims, they managed to penetrate the computer systems of the Russian airline "Aeroflot" and disable all its services on Monday morning.
According to the hackers' version, the attack lasted a full year and led to the complete shutdown of one of the world's largest airlines. The scope of economic damage is estimated at tens of millions of dollars.
According to reports in local Russian media, the hacker group destroyed Aeroflot's entire IT infrastructure in a sophisticated cyber operation that was prepared in advance over a full year. The damage is so enormous that all critical systems of the Russian airline were breached, from databases to internal email and management communications. According to reports, approximately 7,000 servers were deleted and over 20 terabytes of sensitive data were stolen.
The attack immediately affected the company's operational activities. Many "Aeroflot" flights were canceled or delayed on Monday morning, with "Aeroflot" itself reporting a "service malfunction" due to information system problems, although it did not reveal the specific cause of the malfunction. As of July 29, Aeroflot's website displays the message "Flights are not available for the dates selected", meaning no flights are available.
The most serious damage, apparently, was discovered on Monday, July 29, when suspicions arose that the identities of thousands of passengers – including Israeli citizens – who purchased flight tickets through "Aeroflot" had been leaked online. According to reports, the leak involves particularly sensitive details, including personal information and credit card data.
Thousands of Israeli citizens flew via the "Aeroflot" company to various destinations, including New York, India, Moscow, and others. Additionally, Israeli citizens with dual citizenship traveled on "El Al" flights to Moscow, and from there continued on domestic flights to various destinations throughout Russia – including Novosibirsk, Murmansk, Kaliningrad, St. Petersburg, the Crimean Peninsula, and others – to visit family members or acquaintances.
Information security experts are urging the Israeli public, especially those who previously purchased flight tickets directly from Aeroflot, to act urgently: change passwords, contact the bank, and request the issuance of new credit cards – including a new CVV code, the code appearing on the back of the card.
Travel agencies that made bookings through the "Aeroflot" company may also be exposed to similar risk, and they are advised to take immediate precautionary measures.
The information is based on reports published in Ukrainian and Russian media.
The most alarming discovery comes from Ukrainian media, claiming that hackers can not only access passenger details but also bring down aircraft. According to reports, the operation was prepared a year in advance, and the hackers know the routes, internal correspondence, and all details of passengers who ever flew through Aeroflot. A company that hadn't changed passwords for over three years became a relatively easy target for such a sophisticated breach.
Attempts to contact Aeroflot offices in Moscow, Tel Aviv, and St. Petersburg failed completely, as all offices are closed. The company promised refunds to all passengers within a few days, but as of July 29, there has been no response at all. Hundreds of Israelis who didn't fly and received no compensation or replacement were left without a solution, as Aeroflot is essentially in a state of operational disaster. The customer database has been mostly deleted, and the company doesn't know who actually purchased a ticket and who didn't.
The danger extends beyond Aeroflot itself. Partners and airlines belonging to the SkyTeam Alliance are also in potential danger. The hackers can take control of more companies and details, as they allegedly declared they have the information and will leak it. The Belarusian and Russian hackers note that their main target is Russia and Aeroflot, not other companies, but companies affiliated with the SkyTeam Alliance are still in potential danger.
The SkyTeam Alliance, established in 2000 with headquarters in Amsterdam, Netherlands, includes 19 airlines as of 2024. Among the major companies in the alliance are Air France, KLM, Delta Air Lines, Korean Air, Aeromexico, China Eastern, Saudi Arabian Airlines, Czech Airlines, Vietnam Airlines, and others. The alliance enables cooperation between airlines, flight coordination, code sharing, more convenient transfers between companies on connecting flights, frequent flyer point accumulation across alliance companies, access to shared lounges, and operational efficiency.
The Aeroflot breach exposes existing vulnerabilities in the information systems of international airlines, especially when they neglect basic security updates. The case demonstrates how a single cyberattack can disrupt the operations of a giant airline and affect hundreds of thousands of passengers worldwide.
According to current expectations, the recovery process will take months, provided the company's backups were not also damaged. However, the fact that the company hadn't changed passwords for over three years raises concerns that backup systems may also be compromised. The attack on Aeroflot serves as a serious reminder to international airlines about the critical importance of maintaining advanced and current cybersecurity measures.