Russia’s national airline Aeroflot has been forced to cancel dozens of flights, disrupting travel across the world’s biggest country, after two pro-Ukraine hacking groups claimed to have inflicted a crippling cyber attack on the carrier.

The Kremlin said on Monday that the situation was worrying, and Russian politicians have called it a wake-up call for the country.

Prosecutors also confirmed the disruption was caused by a hack and opened a criminal investigation, while senior politician Anton Gorelkin said Russia was under digital attack.

“We must not forget that the war against our country is being waged on all fronts, including the digital one,” Mr Gorelkin said.

“I do not rule out that the ‘hacktivists’ who claimed responsibility for the incident are in the service of unfriendly states.”

Another member of parliament, Anton Nemkin, said investigators must identify not only the attackers but “those who allowed systemic failures in protection”.

Aeroflot did not say how long the problems would take to resolve, but departure boards at Moscow’s Sheremetyevo Airport turned red as flights were cancelled at a time when many Russians take their holidays.

The company’s shares were down by 3.9 per cent on Monday, underperforming the wider market, which was 1.4 per cent lower.

Dozens of Aeroflot flight services were grounded or delayed in the wake of the hack. (Reuters: Denis Balibouse)

A statement purporting to be from a hacking group called Silent Crow said it had carried out the operation together with Belarusian Cyber Partisans, a self-styled hacktivist group that opposes president Alexander Lukashenko and says it wants to liberate Belarus from dictatorship.

“Glory to Ukraine! Long live Belarus!” said the statement using the Silent Crow name.

Cyber Partisans said on its website: “We are helping Ukrainians in their fight with the occupier, carrying out a cyber strike on Aeroflot and paralysing the largest airline in Russia.”

There was no immediate comment from Ukraine.

Silent Crow has previously claimed responsibility for attacks this year on a Russian real estate database, a state telecoms company, a large insurance firm, the Moscow government’s IT department and the Russian office of South Korean car manufacturer KIA.

Travellers at Moscow’s Sheremetyevo International Airport have faced disruption from drones and cyber attacks multiple times this month. (Reuters)

Some of those incidents resulted in big data leaks.

“The information that we are reading in the public domain is quite alarming. The hacker threat is a threat that remains for all large companies providing services to the population,” Kremlin spokesperson Dmitry Peskov said.

Aeroflot said it had cancelled more than 40 flights — mostly within Russia but also including routes to the Belarusian capital Minsk and the Armenian capital Yerevan — after reporting a failure in its information systems.

An online departure board for Sheremetyevo airport also showed dozens of others were delayed.

“Specialists are currently working to minimise the impact on the flight schedule and to restore normal service operations,” Aeroflot said.

Aeroflot is Russia’s national carrier and previously was the Soviet Union’s flag-carrier. (Reuters: Shamil Zhumatov)

The statements from Silent Crow and Belarusian Cyber Partisans said the cyber attack was the result of a year-long operation which had deeply penetrated Aeroflot’s network, destroyed 7,000 servers and gained control over the personal computers of employees, including senior managers.

They published screenshots of file directories purportedly from inside Aeroflot’s network and threatened to soon start releasing “the personal data of all Russians who have ever flown Aeroflot”, as well as intercepted conversations and emails of Aeroflot staff.

Furious passengers take to social media after hack delays

Since Moscow launched its war in Ukraine in February 2022, travellers in Russia have become used to flight disruptions, usually caused by temporary airport closures during drone attacks.

Russian companies and government websites have been subjected to sporadic hacking attacks, but Monday’s incident was potentially the most damaging because of the widespread disruption and the high profile of Aeroflot.

Former Aeroflot pilot and aviation expert Andrei Litvinov told Reuters: “This is a serious disaster. Okay, flight delays — you can survive that. But these are losses, huge losses for a state-owned company.”

” If all the correspondence, all the corporate data is exposed — this can have very long-term consequences… First the drones, and now they are blowing up this situation from the inside. ”

Passengers vented their anger on social network VK, complaining about a lack of clear information from the airline.

One traveller, Malena Ashi wrote: “I’ve been sitting at Volgograd airport since 3:30!!!!! The flight has been rescheduled for the third time!!!!!! This time it was rescheduled for approximately 14:50, and it was supposed to depart at 5:00!!!”

Another woman, Yulia Pakhota, said: “The call centre is unavailable, the website is unavailable, the app is unavailable.

“How can I return a ticket or exchange it for the next flight, as Aeroflot suggests?”

Aeroflot said affected passengers could get a refund or re-book as soon as its systems were back and it was trying to get some passengers seats on other airlines.

Despite Western sanctions on Russia that have drastically limited travel and routes, Aeroflot remains among the top 20 airlines worldwide by passenger numbers, which last year hit 55.3 million people, according to its website.

Reuters

On Monday, July 28, Russian flag carrier Aeroflot said in a Telegram post that a failure in its information systems had caused widespread flight disruptions. The airline warned of delays and cancellations, stating that teams were working to restore normal service as quickly as possible.

Shortly afterward, a pro-Ukraine hacker group claimed responsibility for the outage. The statement, posted to Telegram, alleged a long-planned cyberattack had crippled Aeroflot’s internal IT systems. Russian authorities have since confirmed a hack and launched a criminal investigation.

Pro-Ukrainian ‘Silent Crow’ Group Behind The Cyberattack

Photo: Media_works | Shutterstock

The group behind the cyberattack, Silent Crow, claimed it had infiltrated Aeroflot’s network more than a year ago. The Belarusian hacktivist group Cyber Partisans has also collaborated in the operation. In a post shared on Telegram, Silent Crow described a “large-scale operation” that resulted in the complete destruction of the airline’s internal IT infrastructure.

They said around 7,000 physical and virtual servers were wiped out, along with databases, employee computers, and corporate systems. The group stated that they accessed critical platforms used by the airline, including SharePoint, Exchange, CRM, and 1C.

It also claimed to have stolen surveillance recordings and wiretapped data from internal communications, totaling more than 12 terabytes. Additionally, they have threatened to release the personal data of Aeroflot passengers. The Silent Crow said in a statement published on Telegram:

“All these resources are now inaccessible or destroyed; restoration will require, possibly, tens of millions of dollars. The damage is strategic…Recovery will take a lot of time. Most of the data for Aeroflot is lost forever.”

More Than 50 Flights Have Been Canceled

Photo: vaalaa | Shutterstock

Aeroflot has not officially confirmed that it is the victim of a cyberattack, but did acknowledge in a Telegram post that “There was a failure in the operation of the airline’s information systems. There may be interruptions in the work of services.” According to the airline’s Telegram updates, around 52 flights have been canceled.

These include major domestic services such as Moscow–Yekaterinburg, Moscow–Kaliningrad, Moscow–Sochi, and Moscow–St. Petersburg, along with international flights to the Belarusian capital, Minsk, and the Armenian capital, Yerevan. The airline has advised passengers to monitor airport departure boards for real-time updates.

“Currently, the team of specialists is working to minimize the risks of the implementation of the flight plan and restore the regular operation of the services as soon as possible,” the airline said. Affected travelers have been offered the option of a refund or rebooking within ten days, although ticket counters at the airport are temporarily unable to process changes.

Kremlin spokesperson Dmitry Peskov said the incident was “quite alarming,” and the Russian Prosecutor General’s Office confirmed that Aeroflot’s system failure resulted from a cyberattack. A criminal investigation has been opened.

Despite Broader Disruption Across Russia, Aeroflot Remains One Of The Top Airlines By Passenger Numbers

Photo: fifg | Shutterstock

In recent years, Russia’s aviation sector has experienced repeated flight disruptions, primarily due to Ukrainian drone activity. Moscow Sheremetyevo International Airport, which is Aeroflot’s main hub, has frequently suspended runway operations in response to potential drone threats. Even earlier this month, coordinated drone strikes led to mass cancellations across Moscow’s major airports, affecting domestic and international traffic.

These disruptions have affected not only Moscow’s airspace but operations for Russian carriers more broadly, including Aeroflot. Despite the challenges, the airline remains one of the largest in the region and is among the top 20 global airlines by passenger numbers, having carried around 55.3 million people last year.

According to ch-aviation data, Aeroflot currently operates a fleet of more than 200 aircraft. This includes 20 Airbus A319s wet leased to Aurora, 59 Airbus A320-200s (seven of which are operated by Rossiya), six A320neos, 32 A321s, and three A321neos, as well as 15 A330-300s, seven A350-900s, 40 Boeing 737-800s, and 26 Boeing 777-300ERs.

Ukrainian and Belarusian hacker groups claimed responsibility Monday for a cyberattack on Russia’s national airline Aeroflot that has grounded dozens of flights.

Travel disruptions have become common in Russia since the Ukraine conflict began, often due to Ukrainian drones cutting through airspace, but this is the first time a cyberattack has caused such a blockage.

Russia’s state prosecutor’s office said it had opened a criminal investigation after flights were disrupted at Moscow’s main Sheremetyevo airport, Aeroflot’s home base, calling it a “a hacking attack”.

Aeroflot referred only to a “breakdown in the IT system,” saying at least 64 flights were grounded on Monday and cancelling 14 more for Tuesday.

“We’ve already arrived at the airport and found out that the flight has been cancelled,” Mikhail, a passenger waiting at Sheremetyevo, told AFP.

“This is not the first flight cancelled in July for us,” he said. “It’s sad, it’s impossible to plan business trips.”

The Ukrainian hacking group Silent Crow and the Belarusian group Cyber Partisans claimed responsibility for the attack.

“We announce the successful completion of a long-term and large-scale operation that resulted in the complete compromise and destruction of the internal IT infrastructure of Aeroflot,” they said in a joint statement.

The attack was made possible by lax security, Cyber Partisans said in a separate statement, claiming that Aeroflot’s CEO Sergei Alexandrovsky had not changed his password since 2022.

They said the company was also using outdated software such as the “Windows XP and Windows 2003” operating systems.

The hackers hinted they would publish the personal data of all Russians who had flown with Aeroflot.

Russia’s cybersecurity watchdog Roskomnadzor did not confirm the data leak, state news agency RIA Novosti reported.

Aeroflot said that it was “working to restore normal operation as quickly as possible,” adding that most of its flights were operating according to schedule.

The Kremlin said it was alarmed by the incident.

“We will, of course, clarify the information and wait for an appropriate explanation,” spokesman Dmitry Peskov told reporters.

Ukraine and its allies have long accused Russia of state-backed cyberwarfare, disrupting government and private IT systems around the world and damaging critical infrastructure.

The European anti-crime body Europol said this month that it had dismantled a pro-Russian hacking group accused of launching thousands of online attacks against Ukraine and its allies.

Russia’s flagship airline, Aeroflot, faced massive disruption on Monday as a pro-Ukraine hacking group, Silent Crow, claimed responsibility for a devastating cyberattack that shut down the airline’s systems, grounded over 50 flights, and sparked a criminal investigation. As Moscow’s Sheremetyevo airport turned into a scene of digital chaos, the Kremlin acknowledged the severity of the breach, highlighting the growing role of cyberwarfare in the geopolitical conflict.

Grounded by Hacktivism: The Aeroflot Breach and Who’s Behind It

Aeroflot, Russia’s largest and most prestigious airline, abruptly cancelled more than 50 flights on Monday, citing “information system failures.” While the airline itself offered no detailed explanation, a joint statement from hacking groups Silent Crow and Belarus-based Cyber Partisans claimed responsibility, framing the attack as a politically motivated strike tied to the ongoing war in Ukraine.

The alleged perpetrators, long active in the digital underground, declared this was the result of a year-long infiltration operation, asserting they had destroyed 7,000 servers and taken over the computers of top-level Aeroflot employees. The message ended with a stark threat: the imminent release of personal data of all Aeroflot passengers—a warning aimed at sowing public panic and undermining state infrastructure.

The hackers’ message read: “Glory to Ukraine! Long live Belarus!”, reinforcing their political motivations. Cybersecurity experts, including Rafe Pilling of Sophos, confirmed that the incident appeared ideological rather than financial, distinguishing it from typical ransomware attacks designed for extortion.

Kremlin Admits Cyber Breach as Passengers Lash Out

The Kremlin responded with unusual candor. Spokesperson Dmitry Peskov acknowledged the seriousness of the situation, calling the reports “quite alarming.” Russian prosecutors confirmed a criminal probe had been launched, citing cyber intrusion as the cause.

Meanwhile, passengers flooded social media platform VK with complaints of hours-long delays, unavailable websites, and inaccessible call centers. Some travelers reported being stranded at regional airports since the early morning hours with no clarity on when they could fly or how to rebook.

“I’ve been sitting at the Volgograd airport since 3:30!” wrote one frustrated flyer. “The flight has been rescheduled for the third time!”

The airline eventually announced that passengers could either rebook within 10 days or request a full refund, but the lack of real-time communication only deepened the public’s frustration.

Cyberwarfare Takes Off: A New Frontline in the Ukraine Conflict

Since the Russian invasion of Ukraine in February 2022, cyberattacks have emerged as a parallel battlefield. Ukraine’s formation of the “IT Army of Ukraine,” a 300,000-strong network of volunteer hackers, signaled a shift in modern warfare—where data breaches, server takedowns, and infrastructure disruption operate alongside drones and tanks.

Silent Crow and Cyber Partisans have previously claimed attacks on Russian telecom firms, insurance companies, and even the Moscow government’s IT department. But the Aeroflot hack marks the most high-profile and disruptive strike to date, affecting not just internal systems but also tens of thousands of Russian travelers during peak vacation season.

The symbolic weight of targeting Aeroflot—once a Soviet-era prestige brand and still among the world’s top 20 airlines by passenger numbers— adds a layer of psychological warfare to the operation. Even with Western sanctions grounding most international routes, Aeroflot remains a critical artery in Russia’s domestic transportation system.

On July 28, 2025, Aeroflot, Russia’s flag carrier, faced a massive disruption as over 50 round-trip flights were cancelled and at least 10 others delayed.

The chaos, centred at Moscow’s Sheremetyevo Airport, stemmed from a sophisticated cyberattack that paralyzed the airline’s IT systems.

Pro-Ukrainian hacker group Silent Crow, alongside Belarusian Cyber Partisans, claimed responsibility for the attack.

This bold move not only disrupted air travel but also raised further concerns about the vulnerability of critical infrastructure in the digital age.

The Hacking and the Fallout

The hackers revealed they had infiltrated Aeroflot’s network for a year, gaining access to sensitive data.

They claimed to have destroyed 7,000 servers and 12 terabytes of data, including flight logs, internal communications, and personal information of employees and senior managers.

Silent Crow also threatened to leak passenger data, escalating the stakes of the attack. While these claims remain unverified, the scale of the disruption suggests significant damage to Aeroflot’s operations.

Photo Credit: aeroprints.com, CC BY-SA 3.0, via Wikimedia Commons

Passengers faced long delays and confusion at Sheremetyevo Airport. Many reported a lack of clear communication from Aeroflot staff, leaving travellers stranded without updates.

Social media posts captured the frustration, with some describing chaotic scenes at check-in counters.

Aeroflot issued a statement acknowledging the IT failure and said it was working to restore services. However, the airline provided no clear timeline for recovery, leaving passengers in limbo.

Russian Authorities Confirm Cyberattack

Russia’s Prosecutor General’s Office confirmed the cyberattack and launched a criminal investigation. Kremlin spokesperson Dmitry Peskov called the incident “alarming,” highlighting concerns about cybersecurity in critical sectors.

The attack underscores the growing threat of cyberattacks on infrastructure, especially amid geopolitical tensions.

For Aeroflot, the financial and reputational damage could be substantial, as the airline struggles to regain control of its systems.

Anna Zvereva, CC BY-SA 2.0, via Wikimedia Commons

Motivations of the Attack

Silent Crow and Belarusian Cyber Partisans framed the attack as a response to Russia’s actions in Ukraine. By targeting Aeroflot, a state-backed airline, the hackers aimed to disrupt a symbol of Russian infrastructure.

This aligns with a broader trend of hacktivist groups leveraging cyberattacks to advance political agendas.

The collaboration between Ukrainian and Belarusian hackers also signals a coordinated effort to challenge Russian interests in the digital realm.

Conclusion

The Aeroflot cyberattack highlights the vulnerability of even well-resourced organizations to determined hackers. Airlines rely heavily on interconnected IT systems for ticketing, scheduling, and operations.

A breach in one area can cascade, causing widespread disruption. For passengers, this incident serves as a reminder of the real-world impact of cyberattacks, from missed flights to compromised personal data.

As Aeroflot works to recover, questions linger about how to prevent similar attacks. Strengthening cybersecurity measures, such as regular system audits and employee training, is critical.

Travellers are now left grappling with the fallout, while the hackers’ threat to leak sensitive data looms large. The incident is a stark warning of the power of cyber warfare in today’s connected world.