Russia Airline Cyberattack

Russia’s flagship state-owned carrier, Aeroflot, was hit by a significant cyberattack on Monday, leading to a mass outage of its computer systems and forcing the cancellation of over 100 flights, with many others delayed.

The disruption caused widespread chaos at Moscow’s Sheremetyevo airport, Aeroflot’s base, where images shared on social media depicted hundreds of delayed passengers. The outage also impacted flights operated by Aeroflot’s subsidiaries, Rossiya and Pobeda. While primarily affecting domestic routes, the cyberattack also led to cancellations for some international flights to Belarus, Armenia, and Uzbekistan.

Initially, Aeroflot issued a statement warning passengers of “unspecified difficulties” with its information technology system. However, Russia’s Prosecutor’s Office later confirmed the incident was a cyberattack and announced a criminal investigation had been launched. Kremlin spokesperson Dmitry Peskov described reports of the attack as “quite alarming,” adding that “the hacker threat is a threat that remains for all large companies providing services to the general public.”

Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Alexander Lukashenko, both claimed responsibility for the assault.

Silent Crow asserted via Telegram that it had maintained access to Aeroflot’s corporate network for a year, during which time it copied customer and internal data, including audio recordings of phone calls, employee surveillance data, and other intercepted communications. The group claimed that these resources are now “inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic.” The channel also shared screenshots purporting to show Aeroflot’s internal IT systems, insinuating that seized data could be released soon. “The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip — albeit without luggage and to the same destination,” it stated. These claims could not be independently verified.

Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Alexander Lukashenko, both claimed responsibility for the assault. (AFP/Getty)

The Belarus Cyber-Partisans told The Associated Press they had hoped to “deliver a crushing blow.” The group has a history of claiming responsibility for cyberattacks, including an alleged infiltration of Belarus’s main KGB security agency in April 2024. Group coordinator Yuliana Shametavets described the Aeroflot incident as “a very large-scale attack and one of the most painful in terms of consequences,” adding that the group had prepared for several months, exploiting various vulnerabilities to penetrate the airline’s network.

Belarus is a close ally of Russia, with President Lukashenko having allowed Russia to use his country’s territory for the full-scale invasion of Ukraine and for the deployment of tactical nuclear weapons. The incident follows a summer of repeated mass delays at Russian airports, often due to Ukrainian drone attacks prompting flight groundings over safety concerns.

MOSCOW, Jul 28: Russian state-owned flagship carrier Aeroflot suffered a mass IT outage Monday following a cyberattack, Russia’s prosecutor’s office said, forcing the airline to cancel more than 100 flights and delay others.

Footage shared on social media showed hundreds of delayed passengers crowding Moscow’s Sheremetyevo airport, where Aeroflot is based. The outage also disrupted flights operated by Aeroflot’s subsidiaries, Rossiya and Pobeda.

While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan.

In a statement released early Monday, Aeroflot warned passengers that the company’s IT system was experiencing unspecified difficulties and that disruption could follow.

Russia’s Prosecutor’s Office later confirmed that a cyberattack had caused the outage and that it had opened a criminal investigation.

Kremlin spokesperson Dmitry Peskov called reports of the attack “quite alarming,” adding that “the hacker threat is a threat that remains for all large companies providing services to the general public.”

Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian leader Alexander Lukashenko, claimed responsibility for the attack.

The group claimed it had accessed Aeroflot’s corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the company’s own surveillance on employees and other intercepted communications.

“All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic,” the channel purporting to the Silent Crow group wrote on Telegram. There was no way to independently verify its claims.

The same channel also shared screenshots that appeared to show Aeroflot’s internal IT systems and insinuated that Silent Crow could begin sharing the data it had seized in the coming days.

“The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip – albeit without luggage and to the same destination,” it said.

Russia’s airports have repeatedly faced mass delays over the summer as a result of Ukrainian drone attacks, with flights grounded amid safety concerns. (AP)

Russia’s national airline Aeroflot was forced to cancel dozens of flights on Monday after a massive cyber attack caused the company’s computer systems to fail.

A hacking group called Silent Crow claimed responsibility for the action, alongside an outfit known as Cyber Partisans.

“We declare the successful completion of a prolonged and large-scale operation, as a result of which the internal IT infrastructure of Aeroflot was completely compromised and destroyed,” Silent Crow wrote on Telegram. “Glory to Ukraine” Long live Belarus!”

Advertisement Advertisement

Advertisement Advertisement

The hackers claim that a year-long infiltration of Aeroflot’s systems allowed them to steal 20 terabytes of data and destroy 7,000 servers.

The scale of the attack has led to questions about who the hackers actually are, and how much threat might they pose to Russia.

Who is Silent Crow?

The Telegram channel that serves as the group’s mouthpiece was formed on Christmas Day 2024, with the first attack claimed just weeks later.

In January 2025, Silent Crow said that it was behind a breach of Russia’s real estate registry Rosreestr that compromised around 2 billion records.

That same month, the hackers claimed responsibility for an attack on Russian telecom firm Rostelecom, which leaked customer information through one of its contractors. The company claimed that no sensitive data was stolen.

Advertisement Advertisement

Advertisement Advertisement

Other claimed targets include Moscow’s Department of Information Technologies, Kia Russia and Alfa Bank – Russia’s largest private bank.

What are the group’s motivations?

Silent Crow positions itself as a pro-Ukraine group of hacktivists – activist hackers – that target Russia and its allies.

“You are incapable of protecting even your most critical infrastructure,” the group wrote following the Aeroflot attack. “To all members of the repressive apparatus – your digital security is meaningless. You’ve long been under observation.”

The group’s targets, as well as the fact that it has never demanded a ransom from its victims, have inevitably led to speculation that it is backed by Ukraine, though Kyiv has not commented on this.

Advertisement Advertisement

Advertisement Advertisement

This appears to be the first time that the group has worked alongside Cyber Partisans, which share similar motivations.

Cyber Partisans are a long-established hacker group from Belarus, who have been operating since at least 2022 – the year that Russia launched its full-scale invasion of Ukraine.

The group describes itself as a “highly organised hacktivist collective that is fighting for the liberation of Belarus from dictatorial rule”.

How has Russia responded?

The Kremlin described the latest cyber attack against Aeroflot as “worrying”, while Russia’s prosecutors office has launched a criminal investigation.

Senior Russian lawmaker Anton Gorelkin described the incident as a “wake-up call”, and called for reinforcement to the country’s cyber defences.

Advertisement Advertisement

Advertisement Advertisement

“We must not forget that the war against our country is being waged on all fronts, including the digital one,” he said in a statement.

“I do not rule out that the ‘hacktivists’ who claimed responsibility for the incident are in the service of unfriendly states.”