Menu
Browse

Cyber Threat Actor: Silent Crow

Actor Type Location Known Incidents
 Icon
Activist
1 incident
Profile

Silent Crow is a pro-Ukrainian hacking collective primarily recognized for its disruptive cyber operations against Russian entities during the ongoing conflict following Ukraine's invasion. The group operates under this single known alias and has demonstrated coordination with other hacktivist entities, notably collaborating with the Belarusian Cyberpartisans in high-impact campaigns. Their activities align with geopolitical objectives targeting Russian infrastructure, though no explicit state sponsorship or formal organizational structure has been publicly documented. The collective publicly claims responsibility for operations to amplify psychological and operational impacts, leveraging media attention to underscore vulnerabilities in critical Russian systems.

The group's targeting centers on Russian transportation and logistics sectors, with aviation representing a strategic priority for causing mass disruption. Their sole publicly confirmed operation severely impaired Aeroflot, Russia's national flag carrier, during peak travel season. Objectives emphasize service disruption and reputational damage rather than financial gain or data theft, though threats to release passenger data and internal communications suggest ancillary psychological warfare tactics. The operational focus on prolonged network access—claiming a year-long compromise before executing destructive actions—indicates patient reconnaissance and persistence objectives. No malware families, specific tooling, or initial access vectors are explicitly cited in available reports, limiting technical attribution.

Silent Crow's most significant confirmed operation occurred on July 28, 2025, when they and Belarusian Cyberpartisans crippled Aeroflot's infrastructure, destroying approximately 7,000 servers and seizing control of employee devices. The attack forced over 50 flight cancellations and caused systemic delays, overwhelming customer service and booking systems during high-demand periods. By maintaining prolonged network access prior to the attack, the actors maximized destructive potential while threatening further data leaks to compound pressure on the airline and Russian authorities. The incident triggered criminal investigations and political scrutiny of Russia's cybersecurity preparedness, reflecting the operation's success in generating tangible operational chaos and public frustration. Russian lawmakers framed the event as part of broader digital warfare efforts against critical infrastructure.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources