By AJ Vicens and Raphael Satter WASHINGTON (Reuters) -One of the groups claiming responsibility for the digital sabotage at Aeroflot, Russia's flagship airline, has a track record of disruptive hacks.
Cyber Partisans Disrupt Russian Airports with Notable Hacking History
By AJ Vicens and Raphael Satter
WASHINGTON (Reuters) -One of the groups claiming responsibility for the digital sabotage at Aeroflot, Russia's flagship airline, has a track record of disruptive hacks.
The Belarusian Cyber Partisans – a long-established group sworn to overthrow Belarusian President Alexander Lukashenko – joined with a more obscure group known as Silent Crow to claim responsibility for the crippling intrusion at Aeroflot that canceled dozens of flights on Monday and led to travel disruptions across Russia.
First emerging in 2020 in the wake of mass demonstrations against Lukashenko's reelection, the Cyber Partisans have claimed responsibility for a series of eye-catching hacks, including the defacement of Belarusian state media sites, repeated thefts of law enforcement data, and a 2022 attack against Belarusian Railway that they said had interfered with freight travel. Last year, the group claimed repeated attacks on fertilizer complex Grodno Azot, where they said they had tampered with the operations of the plant's boiler.
Reuters has not been able to independently authenticate all the group's claims or measure its disruptive impact, but the data stolen by the hackers has in the past been cross-checked and validated by groups such as Bellingcat, the open source investigators.
Yuliana Shemetovets, a spokesperson for the Cyber Partisans, told Reuters on Monday that she operates from the United States and said the group consisted of around 30 core members, mostly operating from outside of Belarus.
Silent Crow has a lower profile. It has claimed responsibility for attacks this year on a Russian real estate database, a state telecoms company, a large insurance firm, the Moscow government's IT department, and the Russian office of South Korean carmaker KIA.
Russian cybersecurity firm Bi.Zone has been tracking Silent Crow as a politically motivated group, active since mid-2022, with potential links to multiple pro-Ukrainian hacker groups, according to an entry in Bi.Zone's public database. Ukraine and Russia have been at war since Russia invaded in February 2022.
Reuters was unable to immediately contact Silent Crow and Bi.Zone did not immediately return a request seeking comment.
Members of the Belarusian Cyber Partisans may also have pro-Ukraine ties. In June, researchers with Russian anti-virus firm Kaspersky said they had identified a suspected member of the group active in a Telegram group devoted to the "IT Army of Ukraine," a group of pro-Ukrainian hackers backed by the government in Kyiv.
Shemetovets told Reuters that there was no collaboration between the Cyber Partisans and any state security or intelligence services as part of the attack on Aeroflot.
Andrii Baranovych, a fixture of the Ukrainian hacker scene, said independent groups often hand stolen data over to Ukraine's intelligence service but that as far as he was aware there was no state backing for the attack on Aeroflot.
(Reporting by Raphael Satter in Washington and AJ Vicens in Detroit. Additional reporting by Tom Balmforth in Kyiv. Editing by Rosalba O'Brien)
