Silent Crow
Silent Crow is a pro-Ukraine hacking group focused on Russian targets. In the provided reporting, it is described as having claimed responsibility for several cyberattacks against Russian entities, including a breach of Rosreestr, Russia’s state property registry. Silent Crow is also repeatedly linked with the Belarusian Cyber Partisans in disruptive operations against Aeroflot in July 2025. Those claims include a yearlong intrusion into Aeroflot’s network, destruction of IT infrastructure, exfiltration of sensitive data, publication of alleged flight records, and disruption that canceled more than 100 flights and affected roughly 20,000 passengers. Additional reporting cited in the content says Silent Crow and the Belarusian Cyber Partisans claimed to have wiped thousands of servers and rewritten files with anti-Putin insults. One report also states Silent Crow previously breached a Rostelecom contractor and leaked data from Rostelecom websites. Russia is seeking to designate Silent Crow, along with the Belarusian Cyber Partisans, as an extremist organization, which would ban its activities in Russia. Known alias in the provided content: silent_crow.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Transportation
Where they target
Geographies tied to known operations.
- 🇷🇺 Russia
Tradecraft
3 distinct techniques observed across reporting, grouped by tactic.
Recent activity
5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Pro-Ukraine hacking group that claimed multiple cyberattacks against Russian targets, including Rosreestr and the 2025 Aeroflot incident alongside Belarusian Cyber Partisans.
Group associated with a claimed breach of Russian airline systems and large-scale data exfiltration.
Claimed responsibility for a disruptive intrusion against Aeroflot, reportedly leveraging third-party contractor access (Bakka Soft) to regain entry, establish persistence, move into Active Directory, obtain high-privilege accounts, and deploy multiple malware tools; also reported to have breached a Rostelecom contractor and leaked data.
Hacktivist group claiming responsibility for a disruptive intrusion against Aeroflot, alleging long-term network penetration and destructive actions impacting flight operations.