Risky Bulletin: Episode Summary – “Between Two Nerds: The Aeroflot Hack”
Release Date: August 4, 2025
Host: risky.biz
Introduction
In this episode of Risky Bulletin, hosts Tom Uren and Gruk delve into the recent significant cybersecurity incident involving Aeroflot, Russia's flagship airline. Entitled "Between Two Nerds: The Aeroflot Hack," the discussion centers on the mechanics of the attack, the groups responsible, and the broader implications for cybersecurity and geopolitical dynamics.
Overview of the Aeroflot Hack
The episode opens with Tom Uren introducing the topic of the week: a substantial cyberattack on Aeroflot orchestrated by the Belarusian Cyber Partisans in collaboration with a lesser-known group, Silent Crow.
Tom Uren highlights the scope of the attack:
"They destroyed over 7,000 servers and workstations in different data centers, wiped out databases and information systems, and they name many of them SharePoint, Exchange, Sabre, which is an airline system."
[02:53]
The immediate impact included mass flight cancellations, visually represented by airport flight boards overwhelmingly marked in red.
The Attackers: Belarusian Cyber Partisans and Silent Crow
The Belarusian Cyber Partisans are depicted as a politically motivated group opposing Belarusian dictator Lukashenko. Gruk clarifies the group's origins and their alignment:
Gruk states:
"They're a Lithuanian organization that's been established as part of a Myanmar underground."
[01:15]
(Note: This statement is later corrected by Tom, indicating some confusion about the group's true origins.)
Tom Uren adds context about the group's historical significance:
"They're one of my favorite hacktivist groups, but they're also one of the first times that you and I spoke is to discuss for the newsletter whether they were the real deal."
[01:33]
The collaboration with Silent Crow suggests a broader coalition aiming to destabilize certain Russian infrastructures.
Methods and Execution
The hosts dissect the technical aspects of the hack, emphasizing its sophistication and the attackers' strategic approach.
Tom Uren notes:
"They spent many months in Aeroflot's corporate network developing access. Successful penetration was largely possible because some employees neglect basic password security. For example, Aeroflot CEO Sergei Alexandrovsky has not changed his password since 2022."
[01:57]
Gruk analyzes the infrastructure vulnerabilities:
"It's interesting that they mentioned that there's two locations that they hit and they each have a corresponding data center... if one gets hit, the other one can keep going and vice versa."
[05:04]
The discussion compares this setup to previous attacks like NotPetya on Maersk, highlighting the importance of robust backup systems. Gruk points out the limitations of having only two data centers without adequate failover mechanisms.
Impact on Aeroflot and Russia
The hack had both immediate operational disruptions and broader psychological effects on the Russian populace.
Tom Uren summarizes the operational impact:
"A huge number of Russian flights have been postponed or cancelled... 80% of its flights flew the next day and it expects 83% the day after."
[10:31]
Gruk expresses skepticism about these recovery rates:
"That seems an unrealistic estimation, right?"
[12:33]
Further, the hosts discuss the psychological impact, noting that flight cancellations have a direct and personal effect on citizens, unlike other targeted attacks that may seem distant or abstract.
Analysis of the Hack's Effectiveness
While acknowledging the technical success of the hack, both hosts weigh its strategic significance.
Gruk argues that the long-term strategic impact may be limited:
"I think the aims are strategic, I'll give them that, but I don't think the effect is going to be strategic."
[13:45]
Tom Uren concurs, suggesting that despite the high profile, Aeroflot is likely to recover swiftly:
"Aeroflot will be fine within a couple of weeks."
[14:00]
They compare the Aeroflot hack to other cyberattacks like the one on Kyivstar, concluding that while impactful, such hacks are typically ephemeral.
The Nature and Strategy of the Cyber Partisans
A significant portion of the discussion focuses on the Belarusian Cyber Partisans' identity, motivations, and operational maturity.
Gruk highlights their strategic and mature approach:
"They're very much a political organization or they have explicit political goals. They view hacking as a way of achieving those goals within a strategic framework that they've developed, which is wonderfully naive."
[17:00]
Tom Uren adds that the group is composed of mid-career professionals:
"My impression is that they're a group of maybe middle aged is not quite the right word, but mid career professionals who know what they're doing and so understand how to work together."
[16:31]
The hosts commend the group's maturity and strategic planning, contrasting them with other hacktivist entities that may act more impulsively.
Long-term Implications
The conversation shifts to the broader implications of the hack on Russian resilience and international perceptions.
Gruk posits that the hack serves more as a psychological weapon:
"They are trying to make the Russian public aware that the war is going on and bad things happen... But if all of your flights get canceled, that’s a serious disruption to your life."
[25:20]
Tom Uren elaborates on the reputational damage despite the technically ephemeral nature of the hack:
"The impact of the hack on the population exceeds the size of the hack on the target."
[28:34]
This suggests that the true success lies in influencing public opinion and demonstrating resistance capabilities rather than achieving lasting operational disruptions.
Conclusion
Tom Uren and Gruk conclude that the Aeroflot hack represents a noteworthy incident in the realm of hacktivism, showcasing both the potential and limitations of cyber operations in geopolitical conflicts.
Tom Uren summarizes:
"We think the hack was very well done. At the same time, it's going to have ephemeral effects. Aeroflot will be fine within a couple of weeks. On the third hand, this will have impact because it's a high profile hack, there's an outsized impact on the way people think about the Belarusian resistance."
[27:12]
Gruk reinforces the notion of symbolic victory:
"The impact of the hack on the population exceeds the size of the hack on the target."
[28:34]
The episode underscores the evolving landscape of cyber warfare, where strategic hackers like the Belarusian Cyber Partisans play a critical role in shaping narratives and challenging authoritarian regimes.
Notable Quotes:
- Tom Uren [02:53]: "They destroyed over 7,000 servers and workstations in different data centers..."
- Gruk [05:04]: "It's interesting that they mentioned that there's two locations that they hit..."
- Gruk [17:00]: "They're very much a political organization or they have explicit political goals..."
- Tom Uren [28:34]: "The impact of the hack on the population exceeds the size of the hack on the target."
This comprehensive summary captures the essence of the "Between Two Nerds: The Aeroflot Hack" episode, providing insights into the attack's execution, its perpetrators, and the broader implications for cybersecurity and political resistance.
