Major Cyberattack Disrupts Russian Airline Aeroflot

A cyberattack against Russian national airline Aeroflot today prompted system failures that triggered the cancellation of dozens of flights.

Two pro‑Ukrainian hacker groups – Silent Crow and the Belarusian Cyber Partisans – have claimed responsibility for the attack, according to reports.

Monday, at approximately 6:30 am local time, Aeroflot reported a widespread failure in its information systems, bringing operations to a standstill at Sheremetyevo Airport and across its route network.

Flights cancelled

The incident forced cancellations of dozens of flights, with some sources suggesting more than 100 flights were affected. Additional departures and passenger services faced long delays and disruptions, according to Reuters and The Associated Press.

Chaos ensued at airport terminals, with manual check-in procedures leading to widespread passenger queues and confusion.

Silent Crow (active since around 2022) and the Belarusian Cyber Partisans (formed in 2020) claimed responsibility jointly.

They stated that they had accessed Aeroflot’s internal systems, disabled around 7,000 servers, and stolen up to 12 terabytes of data—including passenger records from Aeroflot, Pobeda, and Rossiya Airlines.

Silent Crow claimed they had access to the airline’s networks for nearly a year, allegedly enabling them to gather extensive data before executing the attack.

A wake-up call for Russia

The Kremlin described the incident as a "wake‑up call" for Russia’s critical infrastructure. Kremlin spokesperson Dmitry Peskov warned that the hacker threat remains a persistent danger to large national service providers.

Russian lawmakers echoed the concern, suggesting that the attack may be part of a broader offensive sponsored or tolerated by hostile state actors.

As Aeroflot works to restore full system functionality, a criminal investigation has been launched. It’s not yet clear when normal service levels will resume.

The incident follows a pattern of escalating cyber‑confrontation. In September 2023, a distributed denial‑of‑service (DDoS) attack on Russia’s state‑controlled Leonardo reservation system caused delays for Aeroflot, Pobeda, and Rossiya Airlines, lasting about an hour

Pro‑Ukraine hacker groups – including the IT Army of Ukraine and related factions – have increasingly targeted Russian infrastructure, including airports, telecoms firms, and government web services over the past two years.

Analysts have described the Aeroflot disruption as “kinetic sabotage”—an attack with tactical consequences beyond mere data theft. By paralyzing physical operations, the hack inflicted both practical and psychological impact on Russia’s civilian infrastructure.

Aviation authorities are assessing the extent of data compromise and considering mandatory cybersecurity upgrades across the airline sector.

Civilian transportation remains vulnerable to future cyberattacks as tensions remain high in the Russia–Ukraine war.

“Since Moscow launched its war in Ukraine in February 2022, travellers in Russia have become used to flight disruptions, usually caused by temporary airport closures during drone attacks,” Reuters reported.

Independent verification of the hacker groups’ claims, including the full scale of data exfiltration, remains pending. Reuters and other investigative outlets have yet to confirm the authenticity of all assertions made by the groups.

You may also want to read:

Russian Alcohol Giant Novabev Group Discloses Ransomware Incident

16 Charged in Connection with DanaBot Malware Allegedly Commanded from Russia

Google Releases Urgent Chrome Update to Thwart Espionage Exploit