Tom Uren
Hello, everyone, this is Tom Uren. I'm here with another Between Two Nerds discussion with Gruk. G'day, Gruk. How are you?
Gruk
Good day, Tom. Fine, and yourself?
Tom Uren
I'm well. This week's episode is brought to you by Tines, the company that makes an easy to use security automation platform. So, Gruk, in the last week or so, there's been a quite large hack of Aeroflot, the Russian airline that's being carried out by the Belarusian cyber partisans. And they've claimed responsibility, along with a group called Silent Crow, which I've never heard of before.
Gruk
Yeah, same.
Tom Uren
So we thought we'd discuss the hack, what went on, like the impact, and the cyber partisans like what they are. So I guess as a bit of a background, the Belarusian Cyber partisans are like a Belarus group. They're explicitly against.
Gruk
They're a Lithuanian organization that's been established as part of a Myanmar underground.
Tom Uren
No, you're thinking of the Judean People's Front, not the People's Front of Judea, but. So they are explicitly against the. Is it Lukashenko? Is he the.
Gruk
Yes, yep.
Tom Uren
The dictator in charge. And in fact, they're. Well, they're one of my favorite hacktivist groups, but they're also one of the first times that you and I spoke is to discuss for the newsletter whether they were the real deal.
Gruk
What you're doing is you're actually setting this up to be a flashback episode. You've run out of things to talk about. And here's what we said earlier.
Tom Uren
So this is a bit of between two nerds lore for the ardent fans. So the hack, they actually have a page where they talk, the cyber partisans, that is, they talk about what went on. So it says they destroyed over 7,000 servers and workstations in different data centers, wiped out databases and information systems, and they name many of them SharePoint, Exchange, Sabre, which is an airline system. We downloaded a lot of databases, employee wiretapping, mail, and much more. This is machine translated, so it's not altogether clear what they mean by employee wiretapping. We have uploaded an array of flight history databases which can now be used upon request for independent investigations. So I expect that's the sort of thing that might.
Gruk
I was going to say, like, expect Bellingcat.
Tom Uren
Exactly.
Gruk
Yeah.
Tom Uren
So that's the kind of broad shape of what they say is the impact. And then they talk a little bit about how they carried it out. For example, they say, together with colleagues from Silent Crow, we spent many months in Aeroflot's corporate network developing access. Successful penetration was largely possible because some employees neglect basic password security. For example, Aeroflot CEO Sergei Alexandrovsky has not changed his password since 2022. And they've got screenshots, network diagrams. So it goes on that a huge number of Russian flights have been postponed or cancelled. When the news broke, there were pictures of just those airplane or airport flight boards with just a sea of red from all the Aeroflot flights that have been cancelled. So that is a brief recap of the hack. I guess it's. To me, the interesting things are that a civilian hacktivist group carried it out. I'm wondering about the longer term impact. Like it sounded like a very plausible and competent hack. Like the talk about spending a number of months in there. That seems like about. Right. The possibility that you could have a large impact that seems possible given the right network, I guess. And it seems plausible that a Russian airline might have that kind of right network where right means not very well secured.
Gruk
Yeah. So it's interesting that they mentioned that there's two locations that they hit and they each have a corresponding data center.
Tom Uren
Right?
Gruk
Yep. It sounds to me like they sort of, they probably had like they duplicate data between the two of them. So I've got like a. Maybe not a hot cold failover, but they're running off both data centers sort of simultaneously. So if one gets hit, the other one can keep going and vice versa.
Tom Uren
Yeah, I mean that reminded me of NotPetya and Maersk where they had, I think they were following the same strategy. They didn't have explicit backups, but they were backing up between, I think different domain controllers. And they had 97 of them, if I recall correctly, some large number that's.
Gruk
Significantly more secure than just having two.
Tom Uren
Yeah, I. And they were saved because there was.
Gruk
A power like a Nigerian server.
Tom Uren
Yes. So I guess when you've only got two, that's, you know, you would spend a lot more time and effort making sure you didn't have a simultaneous power failure at both. So in a way that makes you worse off.
Gruk
Yeah, I, I strongly suspect that if you, you have two data centers and you know, you're probably doing this hot, cold failover or running with both of them at the same time, when they get wiped, you're stuffed.
Tom Uren
Yeah, Two does not seem like enough.
Gruk
Like not for a national carrier, for a country the size of Russia. Right. That seems. Yeah, well, you kind of feel like you need to have. And a third one that's offline except for, you know, nightly backups.
Tom Uren
Well, I mean that's the. That's standard advice for anyone, isn't it? Like, if you care enough to actually do backups, you should have three.
Gruk
Yeah. And you should test that. You can restore them, but, you know. And you shouldn't run Windows XP and Server 2000 on your network.
Tom Uren
Well, now that I think about it, you're right. This is exactly the advice I would give someone, like, just a friend.
Gruk
Yeah, yeah.
Tom Uren
Who would ask?
Gruk
I wouldn't run a home network like this. Right? That's right.
Tom Uren
Yeah. So that seems like. It seems like they may have had success, but it's because they fell on fertile ground. Right.
Gruk
Yeah. I strongly suspect that part of the reason that Aeroflot was able to get away with being so lax is because as the Russian carrier, they're not vulnerable or, like, they're not at risk from ransomware or the majority of cyber threats. Right. So it's just like, it's not going to be something they really worry about. So, like, if you're Qantas or you're Delta or you're like basically any other air carrier, if your systems go down, you lose a lot of money. So you'll be ripe for ransomware, you'll be a great target. But if you are literally Russia's flagship carrier, if you got hit with ransomware, there would be bodies strung up over a bridge within 24 hours.
Tom Uren
Yeah, yeah. So Qantas, which is Australia's national carrier, got hit by. It seems like it was hit by Scattered Spider. So the kids, who are very good at social engineering and, yeah, they got access to customer details but nothing else. And so that speaks to me, actually they probably did a reasonable job in isolating other parts of the system. Those things always get treated as serious, but it could be so much worse.
Gruk
Yeah, you've got the core stuff that uses, which manages your inventory and your flights. It's things that make you work as an airline and then there's the things that allow you to interface with customers and sort of offer services. And that's important, but you can sort of get away with losing that for a while, because you can at least still, you know, know where your airplanes are and how they've been serviced and where they're supposed to be and who's flying them.
Tom Uren
Yeah. And in this case, it doesn't seem that Aeroflot was that lucky or that well isolated, I guess. So. There's another article we were looking at before from Meduza, which is a magazine media outlet that focuses on Russia and it produces a lot of good material. It's critical of the regime. At least the stuff I've read is critical of the regime. So it's, it doesn't just whitewash things. So the very first day there were a lot of cancellations. It says 42%. And so this article is looking at how the longer term impact has played out. So far it's only been a couple of days. However, the company Aeroflot states that roughly 80% of its flights flew the next day and it expects 83% the day after.
Gruk
So these are sounding a hell of a lot like dictator era polling numbers for elections. Right, right. Like it's, yes, we lost our entire infrastructure, but we had a 95% success rate. We counted ourselves. So, you know, yeah, I'm skeptical. But on the other hand, I think both of us are old enough to remember in the before times in the.
Tom Uren
Headset planes where you turn up with a physical piece of paper to get on a plane, like a ticket, which was mostly just carbon paper.
Gruk
When like a ticket was literally a ticket. So, you know, maybe, maybe they were able to run some stuff on paper. You know, I believe that would be the stopgap measure, but I can't imagine that they've recovered from this properly.
Tom Uren
I think ironically, a company that is least well prepared from a cyber security perspective may be so used to outages and failures that it's actually best practiced for operating.
Gruk
Just a Tuesday. Yeah, like they're there.
Tom Uren
Computer down again. Oh, well, yeah.
Gruk
I don't know if it's a cyber attack or, you know, just so I don't know.
Tom Uren
I've never flown Aeroflot, but that's one thing that occurs.
Gruk
So I, I think what's probably going to happen is they're going to slowly claw back. I mean, so all of the stuff I've seen on social media from Russians has been complaining about flights.
Tom Uren
Right.
Gruk
That everything is screwed. You can't get anywhere. You know, the pictures of people sleeping in terminals, which doesn't seem to me like an 80% success rate on flights. That seems an unrealistic estimation, right?
Tom Uren
Yep.
Gruk
But one of the important things that we've learned from the Ukrainian Russian cyber war is that hacks are not permanent like these, these things are not like, they're not fatal blows that, you know, take everything down forever. Like Viasat, huge death knell blow, biggest thing ever. Within a week, everything was operating absolutely normally. When Kyivstar got wiped. Like absolutely everything that they had got wiped. It took them seven days to get back up and running. And telcos are very, very complex. They're at least as complicated as airlines, if not more so because of the amount of complicated equipment and stuff that needs to be configured. I strongly suspect that while, you know, I don't think that they're a backup, within one day, I think in two weeks they'll be absolutely fine. So one of these partners says this is strategic, and I don't believe it is. I think that the aims are strategic, I'll give them that, but I don't think the effect is going to be strategic.
Tom Uren
Right, right. So even though you're skeptical of Aeroflot's claims, you're on the side that, you know, maybe it's not quite that good, but it's better than total destruction of Aeroflot.
Gruk
It's.
Tom Uren
It's coming back.
Gruk
Yeah.
Tom Uren
In a matter of days to weeks.
Gruk
Yes. So I. I think it's. It's very hard to be decisive with cyber, like you need to. It can create an opportunity that can be exploited. If there was a competing airline to Aeroflot, for example, this could be a strategic victory for that competing airline. Right. Where you could just say, you know, bring your Aeroflot ticket and we'll, you know, honor that. Something like that. You know, like it's, you know, if you switch, your loyalty will be your. Your carrier.
Tom Uren
Yeah. So it's a sort of reputational and business loss, but it's not the end of the company by any means.
Gruk
Correct. That's my field.
Tom Uren
Again, it's hard to tell because you're not dealing with neutral observers. It's hard to get objective facts about which flights flew. So we'll still wait and see.
Gruk
Fortunately, it was in Russia with one of the most lax and open, one of the highest ratings on press freedom. So we'll just see what Pravda has to say about it. Yeah.
Tom Uren
And I guess at some point we'll see the databases of flight manifests and be able to see. So one of the interesting things to me is that the cyber partisans seem to be one of the first genuinely successful hacktivist groups. And it's also interesting to me that they behave a bit differently from other purported activist groups in that they've got, for example, a. I've heard it described as a declared public spokesperson. So she'll go to conferences and think tank meetings and express the, I guess, some of the views of the cyber partisans, which seems different from the normal hacktivist group.
Gruk
Yeah. So I think one of the things that sets them apart is, first of all, maturity. Not that they're all, you know, decrepit and old like us. But they're not made up of teenagers. Right. They were like working adults with jobs who switched over to doing this so they had, they could delay gratification and important things like that that teenagers are not known for.
Tom Uren
Yeah, My impression is that they're a group of maybe middle aged is not quite the right word, but mid career professionals who know what they're doing and so understand how to work together.
Gruk
That's certainly the impression I get from them as well. And so like that's been very important because it's allowed them to sort of plan and execute. I think a lot of hacktivists just go straight to the execute.
Tom Uren
Right.
Gruk
You know, and then see what happens. Like whatever falls out, falls out. Whereas these guys, you know, they're very much a political organization or they have explicit political goals. They view hacking as a way of achieving those goals within a strategic framework that they've developed, which is wonderfully naive. I've said that they're mature adults, but they read a lot like freshmen in college sometimes.
Tom Uren
So maybe they're mature IT professionals because that seems like an IT professional kind of stereotype. Maybe.
Gruk
Yeah, sort of. Perhaps early on, sort of a bit earlier in your career before you've been exposed to just how little your stuff matters compared to the business or. Yeah, but yeah, like they have this sort of, you know, we're going to do this thing and then Lukashenko's regime will fall. I don't think you can do that with cyber. I mean, I'd love to be wrong. And if they, they achieve that, then I'll switch my PhD topic immediately.
Tom Uren
But yeah, yeah, yeah. So the public interaction, one part I mentioned was the declared spokesperson and then another part is the detail they go into in this sort of hacking blog. What purpose is that serving though? Like so we.
Gruk
Yeah. So to me, I don't think hacktivist is necessarily the right term because of the sort of baggage and the implications it has for the connotations of, you know, teenagers just, you know, doing vandalism or something. These, these guys seem much more like the, like the militant wing of a political party that doesn't exist yet.
Tom Uren
So. But surely in Belarus there are people who are working against the regime.
Gruk
Yeah.
Tom Uren
Now is that a resistance or is there no party? Because they're not allowed to be a party.
Gruk
I think the last crackdown sort of came about because the election was stolen from the legitimate opposition who were also suppressed. That's my understanding from something that happened many years ago that I didn't look into very much, but, like, there are obviously opposition political figures. I don't know whether they're out of jail or out of the country or. Or what. I know that the cyber partisans actually have been working with some of these guys that they like, they are interfacing with more than just other techies. Like they're working with people who do have political vision and have a sort of strategic understanding of things. Perhaps these people haven't had a chance to read the manifesto and explain to cyber partisans that hacking is not going to achieve things like that.
Tom Uren
If you're a politician, I guess, and someone comes up to you and says, I want you to hack to help me win an election, it doesn't seem that the cyber partisans are doing the kind of dirty election hacking.
Gruk
No.
Tom Uren
Yeah, Right. So it's not we want to steal an election back. It's like we have a political goal that we're trying to achieve.
Gruk
We're trying to. Right.
Tom Uren
So if I recall correctly, it was stuff that would reveal how bad the Lukashenko regime was.
Gruk
So it was. They were trying to sort of instigate protests and mass movements, sort of by leaking how bad things were, which, you know, as opposed to, you know, getting kompromat and pressuring people to, you know, back out of races or whatever. It was put within a political framework that made sense of mass mobilization, of trying to get international attention, to apply pressure, these sorts of things.
Tom Uren
Yeah, yeah. And as an outsider, it seems like that's a fair way to fight against a dictatorial regime. Like that's the kind of moral way to do it, rather than trying to also steal elections or engage in dirty tricks.
Gruk
Yeah. One wonders sort of how effective this can be in a military dictatorship like Lukashenko has. I think that's the, like, that's the downside is it's. This is like these sorts of strategies can be effective in a slightly weaker dictatorship.
Tom Uren
Right.
Gruk
You know, where public pressure is possible. In this case, I think what you need is you need the security forces to switch sides.
Tom Uren
Right, Right.
Gruk
Like if the. If the police refuse to show up and shoot protesters, you win, but if they're showing up and shooting protesters, then you can leak all you want. It's still.
Tom Uren
Yeah. Some of what the cyber partisans has done is leak material that shows that the police are behaving badly. So that is not necessarily a way to win them over, but maybe it's a way to point out that there are bad apples in the police. So I guess it depends on the bad to good apples.
Gruk
It would be more of a news story if there were good apples in the police.
Tom Uren
Right, yeah. So being public is all in service of that, trying to create a mass movement.
Gruk
Yeah. They have a whole strategy document and it's internally consistent, but I think it's very naive. It's wonderfully naive.
Tom Uren
But I mean, I guess what else have you got, Right. If you don't have like, it's. It sounds to me like a document of hope rather than.
Gruk
Yes, yeah. Do not bring your document of hope to me if you want to sign off. Yeah. I'm old and cynical and I'm not going to be inspired. To me, the cyber partisans are interesting because they're different from sort of regular hacktivists in their way. Right. They're not the sort of angry teenager vandalizing things. They're very much strategic and purpose driven. But that's also what sets them apart from like the, these state sponsored hacktivist groups like you were seeing with Killnet and things like that out of Russia, where it was very much, you know, one FSB officer and a bunch of ducklings. Part of what sets them apart is not just their activities. They don't do DDoS, but Killnet could do hack and leaks if they wanted to. That's not outside the realm of possibility. But the cyber partisans very much have a direction that's political, consistent, motivated. They're authentic in how they behave. They're very open about what they're doing. And I think the sort of, the actions speak for themselves in a way. They sort of have to. Like, you can't necessarily trust what they say, but you can see what they do.
Tom Uren
Yeah, yeah. That's why I was wondering why they bothered to put out a post. Because their actions, I thought, did speak for themselves. I guess the only thing that would require justification is you're not, you know, you're the Belarusian cyber partisans. Why are you attacking a Russian airline? And I think in the post it addresses that in a sentence or two, talking about the relationship between Putin and Lukashenko.
Gruk
I mean, it's, it's a very fair assessment to say that like, if Putin has gone, then Lukashenko will follow.
Tom Uren
Right.
Gruk
Therefore, if our goal is to get rid of Lukashenko, we start by getting rid of Putin.
Tom Uren
So, yeah, I guess to sum up, sum up, we both think that this was like a significant hack. Like, this is one of the bigger hacks that has affected an airline ever.
Gruk
So one thing that we haven't discussed is I think that there's a, a psychological impact to this that's beyond sort of like the physical or economic impact to Aeroflot, which is that the cyber partisans and others are sort of trying to make the Russian public aware that the war is going on and bad things happen. And I'm sure that they are aware of this, but it doesn't necessarily affect them. It's like, oh, another oil refinery got bombed or a drone manufacturing factory got hit. Those aren't great. But unless you work at that factory, it doesn't really matter that much. But if all of your flights get canceled, that's, you know, like, that's a serious disruption to your life, you know, and it's, it has that impact. And I think in that sense it is more impactful than Kyivstar, for example. Right. With, with the Kyivstar hack, you know, people were telling me, they're like, they're super upset, so they walked across the street, bought another SIM card, went about their day. You know, it was sort of like, oh, this is terrible. Well, anyway, you know, but you can't do that with, you know, like the only air carrier. Right? Like, if you're stranded at the terminal, you're stranded at the terminals. You don't, you can't just get on the other flights. You know, congrats to them for having possibly the most impactful cyber attack of the last several years of this conflict. I think this is bigger than Kyivstar in terms of its actual impact, but similarly, it's going to be ephemeral, it's going to be fleeting.
Tom Uren
Right, right. I mean, I guess in a way, if you're the resistance, having a high profile hack is a win in terms of the propaganda value and the reputational value. So even if the, even if the hack, the impact of the hack is ephemeral, the stories last for a lot longer. So at this point, we think the hack was very well done. At the same time, it's going to have ephemeral effects. Aeroflot will be fine within a couple of weeks. On the third hand, it's a, this, this will have impact, right? It'll. Because it's a high profile hack, there's an outsized impact on the way people think about, I guess, the Belarusian resistance.
Gruk
Right. And the special military operation as the Russians.
Tom Uren
Right. Yeah.
Gruk
I think the impact of the hack exceeds the actual size of the hack.
Tom Uren
The impact on the population, you mean, like what? Yeah, yeah, it's influence.
Gruk
Yes. Okay. So, so I think the, the impact of the hack on the population exceeds the size of the impact of the hack on the target.
Tom Uren
Right.
Gruk
Like the intent is to achieve effects on the people, not on Aeroflot. And I think that that's been successful. Right, so this is. This is absolutely the Kissinger quote of, you know, the Resistance wins if they do not lose, and the state loses if they do not win. And I think that this shows that the Resistance is still there. Absolutely not losing.
Tom Uren
Yeah. So I guess even though we spend a lot of hours talking about how ineffective cyber operations are in war or how they have a limited role, I guess it's more fair to say when it. When it comes to this hack where. Yeah, yeah. Thumbs up. Cyber. Absolutely.
Gruk
Cyber all the way. Thanks, Tom.
Risky Bulletin: Episode Summary – “Between Two Nerds: The Aeroflot Hack”
Release Date: August 4, 2025
Host: risky.biz
In this episode of Risky Bulletin, hosts Tom Uren and Gruk delve into the recent significant cybersecurity incident involving Aeroflot, Russia's flagship airline. Entitled "Between Two Nerds: The Aeroflot Hack," the discussion centers on the mechanics of the attack, the groups responsible, and the broader implications for cybersecurity and geopolitical dynamics.
The episode opens with Tom Uren introducing the topic of the week: a substantial cyberattack on Aeroflot orchestrated by the Belarusian Cyber Partisans in collaboration with a lesser-known group, Silent Crow.
Tom Uren highlights the scope of the attack:
"They destroyed over 7,000 servers and workstations in different data centers, wiped out databases and information systems, and they name many of them SharePoint, Exchange, Sabre, which is an airline system."
[02:53]
The immediate impact included mass flight cancellations, visually represented by airport flight boards overwhelmingly marked in red.
The Belarusian Cyber Partisans are depicted as a politically motivated group opposing Belarusian dictator Lukashenko. Gruk clarifies the group's origins and their alignment:
Gruk states:
"They're a Lithuanian organization that's been established as part of a Myanmar underground."
[01:15]
(Note: This statement is later corrected by Tom, indicating some confusion about the group's true origins.)
Tom Uren adds context about the group's historical significance:
"They're one of my favorite hacktivist groups, but they're also one of the first times that you and I spoke is to discuss for the newsletter whether they were the real deal."
[01:33]
The collaboration with Silent Crow suggests a broader coalition aiming to destabilize certain Russian infrastructures.
The hosts dissect the technical aspects of the hack, emphasizing its sophistication and the attackers' strategic approach.
Tom Uren notes:
"They spent many months in Aeroflot's corporate network developing access. Successful penetration was largely possible because some employees neglect basic password security. For example, Aeroflot CEO Sergei Alexandrovsky has not changed his password since 2022."
[01:57]
Gruk analyzes the infrastructure vulnerabilities:
"It's interesting that they mentioned that there's two locations that they hit and they each have a corresponding data center... if one gets hit, the other one can keep going and vice versa."
[05:04]
The discussion compares this setup to previous attacks like NotPetya on Maersk, highlighting the importance of robust backup systems. Gruk points out the limitations of having only two data centers without adequate failover mechanisms.
The hack had both immediate operational disruptions and broader psychological effects on the Russian populace.
Tom Uren summarizes the operational impact:
"A huge number of Russian flights have been postponed or cancelled... 80% of its flights flew the next day and it expects 83% the day after."
[10:31]
Gruk expresses skepticism about these recovery rates:
"That seems an unrealistic estimation, right?"
[12:33]
Further, the hosts discuss the psychological impact, noting that flight cancellations have a direct and personal effect on citizens, unlike other targeted attacks that may seem distant or abstract.
While acknowledging the technical success of the hack, both hosts weigh its strategic significance.
Gruk argues that the long-term strategic impact may be limited:
"I think the aims are strategic, I'll give them that, but I don't think the effect is going to be strategic."
[13:45]
Tom Uren concurs, suggesting that despite the high profile, Aeroflot is likely to recover swiftly:
"Aeroflot will be fine within a couple of weeks."
[14:00]
They compare the Aeroflot hack to other cyberattacks like the Kyivstar wiper attack, concluding that while impactful, such hacks are typically ephemeral.
A significant portion of the discussion focuses on the Belarusian Cyber Partisans' identity, motivations, and operational maturity.
Gruk highlights their strategic and mature approach:
"They're very much a political organization or they have explicit political goals. They view hacking as a way of achieving those goals within a strategic framework that they've developed, which is wonderfully naive."
[17:00]
Tom Uren adds that the group is composed of mid-career professionals:
"My impression is that they're a group of maybe middle aged is not quite the right word, but mid career professionals who know what they're doing and so understand how to work together."
[16:31]
The hosts commend the group's maturity and strategic planning, contrasting them with other hacktivist entities that may act more impulsively.
The conversation shifts to the broader implications of the hack on Russian resilience and international perceptions.
Gruk posits that the hack serves more as a psychological weapon:
"They are trying to make the Russian public aware that the war is going on and bad things happen... But if all of your flights get canceled, that’s a serious disruption to your life."
[25:20]
This suggests that the true success lies in influencing public opinion and demonstrating resistance capabilities rather than achieving lasting operational disruptions.
Tom Uren and Gruk conclude that the Aeroflot hack represents a noteworthy incident in the realm of hacktivism, showcasing both the potential and limitations of cyber operations in geopolitical conflicts.
Tom Uren summarizes:
"We think the hack was very well done. At the same time, it's going to have ephemeral effects. Aeroflot will be fine within a couple of weeks. On the third hand, this will have impact because it's a high profile hack, there's an outsized impact on the way people think about the Belarusian resistance."
[27:12]
Gruk reinforces the notion of symbolic victory:
"The impact of the hack on the population exceeds the size of the hack on the target."
[28:34]
The episode underscores the evolving landscape of cyber warfare, where strategic hackers like the Belarusian Cyber Partisans play a critical role in shaping narratives and challenging authoritarian regimes.