The Mighty Russian Cyber Empire Is a Glass Onion

Pro-Ukrainian cyber activists Silent Crow, in coordination with Cyber Partisans BY from Belarus, launched a significant attack on Russia’s digital infrastructure on July 28, 2025, targeting Aeroflot—Russia’s largest airline, crippling its IT systems and sending a direct message to the Kremlin: end Russia’s war in Ukraine.

One reason for the breach? Aeroflot’s CEO hadn’t changed his password for three years. The FSB ’s own IT unit—reportedly in charge of Aeroflot’s cybersecurity—is now under fire, triggering “panic in the ranks,” Russian Telegram channels report.

For the FSB, NCSCI, RT-Solar, and other so-called ‘cyber defenders’—you are incapable of protecting even your key infrastructures. For all members of the repressive apparatus—your digital security is negligible, and you yourself have been under surveillance for a long time.

Silent Crow

Aeroflot isn’t just an airline—it’s a state-linked entity. As Russia continues to target Ukraine’s civilian infrastructure, hacktivists are striking back. Each breach sends a message—not just of retaliation, but of resilience in a time of digital war. 

Implications of the Aeroflot cyber attack

The cyberattack destroyed roughly 7,000 physical and virtual servers. Hackers gained access to personal computers at all company levels, including senior management. Early estimates suggest recovery could cost tens of millions of dollars.

They also stole 20 terabytes of data from surveillance servers, including intercepted communications and recorded phone calls—likely containing sensitive material. Therefore, other institutions—like transportation, security, or government agencies—could be targeted.

More than 50 flights have been reportedly cancelled, affecting both domestic and international passengers. Aeroflot plays a critical role in moving Russian troops across the country, says Silent Crow, so the breach likely exposed military logistics and movement plans.

The incident was a “wake-up call,” according to senior Russian lawmaker Anton Gorelkin, who called for reinforcement to the country’s cyber defences.

Russian Telegram channels report that there’s likely to be a purge in the dismissal of FSB employees, as happened after the Ukrainian SBU security service blew up the illegally constructed Crimean bridge. At that time, Deputy Minister Alexander Sukhanov (who oversees transport security issues) was fired, the department's leadership and many others lost their “cushy jobs”.

Beyond technical impact, the breach has a psychological impact too for both the Russian government and civilians, planting doubt in state-controlled systems and their narratives. This marks one of Russia’s most humiliating cyber failures, exposing the deep vulnerabilities in what’s been portrayed as an all-powerful and impenetrable cyber empire.

Ukraine and its Allies’ cyber counteroffensive against Russia

Silent Crow, the pro-Ukrainian hacktivist group

Silent Crow has been behind several attacks. In January 2025, they said that they were behind a breach of Russia’s real estate registry Rosreestr that compromised around 2 billion records.

In January 2025, they also claimed responsibility for an attack on the largest digital services provider in Russia, Rostelecom, leaking customer information through one of its contractors. 

In February 2025, Silent Crow accessed the internal systems of the Department of Information Technology and obtained information on more than 30 million Russians in Moscow and the Moscow region.

July 20th, 2025, Silent Crow gained access to all hospital records in Moscow, including full medical records, diagnoses, prescriptions, and treatment history, which they say has the potential to leak large-scale medical secrets in Russia. 

IT Army of Ukraine

The IT Army of Ukraine, which calls itself “a volunteering organization with a specialty in conducting offensive operations in cyberspace” rather than hacktivists, has worked on several attacks to counter Russian aggression. 

We go beyond enemy lines. If you do nothing towards death, you’ve got to defend in other ways, and if you're weaker by default, you will lose. The only question is when.

IT Army of Ukraine

The group targets finance and infrastructure, not healthcare or humanitarian missions, the head of Ukraine’s IT Army told us, speaking on condition of anonymity. “Everything starts with state services and ends up in digital infrastructure,” they said.

During a 2023 missile strike on Russian military targets in temporarily occupied Crimea, Ukraine’s IT Army disabled internet providers they believed were supplying CCTV data to Russian forces, making it harder for Russia to counter the attack. The group called it a smaller but illustrative example of how cyber and kinetic operations can align.

The IT Army considers the internet world as a brute force because “everyone can do something,” such as a DDoS  attack. Given Internet access, anyone can go onto a webpage and hit refresh many times, which then overwhelms the website with traffic, crashing their services. 

Russia has persistently targeted Ukraine with DDoS attacks. Approximately one hour before Russia launched its full-scale invasion of Ukraine, they began a DDoS attack against Viasat .

This disrupted military communications, internet access, and critical infrastructure at a crucial time, taking tens of thousands of civilians offline.

Read more

Category

Latest news

Ukrainian Forces Successfully Thwart Russian DDoS Attack on War&Sanctions Portal

Apr 08, 2025 19:19

Suspending services for a day or even hours causes huge economic losses, says the IT Army. If a facility is idle, it's also losing money-critical infrastructure.“Economic losses are not just due to the temporary termination of facilities, but also protecting them as well,” they said. “Huge investments are made in cybersecurity to protect them; these are dollars not spent on war. ”

When asked whether their work is dangerous, the head of Ukraine’s IT Army replied, “If you’ve spent even one day in Ukraine, you know that it doesn't depend on what you do, you can be hit by missiles at any moment. I’m not afraid, if something is going to happen, it will—not because I'm in charge of the IT Army, but because we are in the middle of Russia’s brutal war.” 

Recent notable cyberattacks on Russian infrastructure

A large-scale cyberattack carried out by Ukrainian hackers against the Russian energy giant Gazprom caused significant disruptions and wiped out vast amounts of critical data. Gazprom is heavily involved in supporting Russia’s ongoing war effort, Ukraine’s military intelligence says.

The degradation of Russian information systems to the technological Middle Ages continues.

The Main Intelligence Directorate of the Ministry of Defense of Ukraine

The cyberattack allegedly had a devastating effect on Gazprom’s internal operations; access to internal systems was blocked for nearly 20,000 system administrators. Backup copies of key databases were erased, and vital servers running essential software for managing documents, contracts, and critical operational data for pipelines were destroyed.

Cyber specialists from Ukraine’s Defense Intelligence (HUR) also conducted a large-scale cyberattack in June 2025 on Gaskar Integration, a major supplier of unmanned aerial vehicles to the Russian military.

The breach significantly disrupted the company’s operations and compromised critical technical data.

HUR gained access to more than 47 terabytes of technical data related to Russian drone production, which has since been transferred to Ukraine’s Armed Forces for analysis and use.

How Ukraine is strengthening its cyber defense

Ukraine is targeted by approximately 100,000 cyberattacks each month. While civilian hacktivists are working to significantly disrupt Russia’s infrastructure, combating its attacks, Ukraine’s government is strengthening its digital army on the official front.

Ukraine announced in October 2024 plans to create Cyber Forces as a standalone military branch to strengthen its capabilities in cyberspace, which is now recognized as a domain of warfare alongside land, air, sea, and space.

The trajectory is clear: Russia’s cyberwarfare campaign against Ukraine is accelerating. It’s broad, coordinated, and designed to destabilize the country, paralyze critical infrastructure, erode public trust, and steal information that could tilt the battlefield.

Oleksandr Potii

Head of the State Service of Special Communications and Information Protection of Ukraine

Ukraine will also reportedly join Locked Shields  2024, NATO’s largest annual cyber defense exercise involving 4,000 experts from 40 countries tasked with responding to complex cyberattacks.

Ukraine has increased its international cooperation with NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), US Cyber Command, and private tech firms such as Microsoft and Google.

Ukraine adopted a new cybersecurity law in April 2025, Law No. 4336-IX, to modernize and strengthen Ukraine’s digital defenses. 

The new law places stricter security requirements on essential services, clearly states which agencies and companies are responsible for defending key systems (like power grids, banks, or hospitals), and makes it easier for Ukraine’s cybersecurity teams to coordinate during attacks, respond quickly, and share threat info in real-time.

Read more

Category

Opinion

Inside Ukraine's New Digital Defense Strategy to Counter Russian Cyber Onslaught

Apr 21, 2025 18:34

Ukraine is aligning its digital laws with the EU NIS2 Directive and GDPR -like standards for data protection and cyber risk management. The NIS2 Directive, formally known as Directive (EU) 2022/2555, is a European Union law focused on enhancing cybersecurity, particularly within critical infrastructure sectors.

Cyber warfare is constantly evolving, and Russia, which projected itself as a dominant digital force, is now showing cracks in its cyber armor. 

Ukraine has transformed, building stronger defenses and striking back with precision. Civilian hacktivists have joined the battle on the digital front, and in the digital fight for freedom, Ukraine is holding the line.