Russia’s prosecutor’s office on Monday launched a criminal investigation into a massive pro-Ukrainian cyberattack against Russia’s Aeroflot which Anton Gorelkin, a senior member of the State Duma, said was a “much-needed wake-up call,” adding “… the war against our country is being waged on all fronts, including the digital one.” He demanded immediate action to reinforce the country’s cyber defenses.

The pro-Ukrainian Silent Crow hacking group claimed responsibility on its Telegram channel, saying the attack had been supported by the Belarusian Cyberpartisans group. It claimed it had not only “taken down” Aeroflot’s system but had completely destroyed the company’s entire internal IT infrastructure.

JOIN US ON TELEGRAM Follow our coverage of the war on the @Kyivpost_official. Advertisement

The hackers said their operation had been a year in preparation during which time they had infiltrated every corner of the system in preparation for their sabotage attack – its post giving a detailed technical breakdown of its activities inside the network.

As a result, it said it had deprived Aeroflot of access to around 7,000 servers that host the entire company infrastructure including the client database and corporate flight services. They claimed to have also downloaded, encrypted and deleted around 20 terabytes of information which included the flight history of Aeroflot customers.

As a result of the attack, which were timed to hit the peak of Russia’s holiday season, chaos ensued at the Sheremetyevo, Vnukovo, and Krasnoyarsk airports, with many flights seriously delayed or simply cancelled.

Pro-Kyiv blogger Alexander Nevzorov said, somewhat sarcastically, that “[Russian] citizens waited in kilometer-long immovable queues – speechless, motherless and perhaps even happy that their suffering is their personal contribution to the ‘SVO’” – Russia’s term for its 2022 full-scale invasion of Ukraine.

Advertisement

Without acknowledging the scale of the damage, a Kremlin spokesperson on Monday acknowledged the fact of the cyber assault, and called it “worrying.”

Who are Silent Crow and Cyberpartisans?

Ukrainian hackers have carried out several high-profile cyberattacks over the past three years aimed at Russia’s government ministries including its Crimean-based authorities, businesses linked to its military, energy suppliers, national and regional internet and telecoms services, Russia’s courts and its rail network.

In most cases these attacks have been “sponsored” or at least claimed by Ukraine’s intelligence agencies, but on this occasion none of Kyiv’s special services have so far taken responsibility.

According to its Telegram channel, Silent Crow was formed at the end of 2024. Its activities have attracted the anger of Moscow’s authorities which have forced the closure of its social media channels on four occasions. Its current channel is called “silent crow_reborn.”

The group claimed its first successful cyberattack in January against Russia’s Rosreestr real estate registry gaining access to and compromising around 2 billion records.

Advertisement

Later that month the group claimed responsibility for an attack on Rostelecom, after accessing the IT systems of one of its contractors, during which it leaked customer information although the company claimed that no sensitive data was stolen.

In February Silent Crow said it had accessed “DIT” – the central database of citizens of Moscow and the Moscow Region – and published 10 million, out of a total of the 30 million records it claimed to have dumped.

The Cyberpartisans group was formed in 2022 shortly after the full-scale invasion of Ukraine and describe themselves as a “highly organized hacktivist collective that is fighting for the liberation of Belarus from dictatorial rule.”

In March, Silent Crow claimed another attack in partnership with the Cyberpartisans group, this time against Russia’s National Cyber Incident Response Team (CERT). In its Telegram post it happily declared that Silent Crow had “struck at the very heart of the regime’s cyber defense” and that CERT is “The very body that is supposed to stand against people like us [hackers]. It [Moscow] says it is ‘a bastion of cybersecurity’ – in reality, it is an open gateway.”

Silent Crow claimed to have obtained access to CERT’s complete databases, e-mail servers, “and many other interesting materials that you will learn about very soon.” To prove the veracity of its claims, Silent Crow published a link to the cyber-guardians’ website and source code and invited readers to download it adding: “If you find interesting information there, please share it.”

Advertisement

They ended the post by saying “there has been no news from us for a while… We continue to work… Very soon you will see results that speak for themselves.

On July 20, Silent Crow said it had gained access to Moscow’s Unified Medical Information and Analytical System (EMIAS), took administrative control , downloaded 17 TB of data relating to patients and medical staff before disabling access to and deleting it as well as the backup data storage.

All this before claiming responsibility for Monday’s attack on Aeroflot, the damage caused could take six months to a year to sort out and cost the company as much as $50 million in lost revenue according to several Russian IT security experts.

Silent Crow categorized the operation as a direct message to Russia’s “so-called ‘cyber defenders’ – you are incapable of protecting even your key infrastructures. To all employees of the repressive apparatus — your digital security is negligible, and you yourselves have long been under surveillance.”

The group signed off with the words “Glory to Ukraine! Long live Belarus!”

Advertisement

BBC comments on the Aeroflot attack and other cyber operations was skeptical of their actual value saying: “… their boasts about various cyber-attacks are [rarely] backed up with facts. These gangs are often run by volunteers who target organizations and exaggerate their attacks to make headlines and degrade enemy morale.”

Nevzarov did not share that view of the success of the Aeroflot and other attacks. He wrote: “One way or another, such paralysis turned out to be even more effective and cheaper than drone attacks.

“In addition to transport, pension, energy, postal and other structures will be next in line. They are also tightly interwoven with computer connections that are also completely vulnerable which [our] hackers will still stretch to the fullest, watching the collapse of each of them in turn.”

Head of Roscosmos Dmitry Bakanov has arrived in the United States for talks with NASA leadership – the first in-person meeting between the sides since 2018, Reuters reports.

Roscosmos is the State Corporation for Space Activities of the Russian Federation, responsible for overseeing the country’s space program. It manages rocket launches, space exploration, and the development of space technologies. The agency is involved in both civilian and partially military projects and plays a key role in international collaborations such as the International Space Station (ISS).

JOIN US ON TELEGRAM Follow our coverage of the war on the @Kyivpost_official.

The negotiations will take place in Houston with the participation of acting NASA Administrator Sean Duffy. The parties will discuss the continuation of joint flights, the future of the International Space Station, and preparations for its safe deorbiting.

Advertisement

According to Russian news agency TASS, Dmitry Bakanov also plans to meet with the Crew Dragon mission team, which includes Russian cosmonaut Oleg Platonov. The Crew-11 launch is scheduled for July 31 from Cape Canaveral.

As part of the visit, Bakanov will tour the Johnson Space Center and Boeing’s production facilities, where the Russian delegation will hold discussions on joint space projects.

The last meeting at the level of space agency heads took place in 2018, when Dmitry Rogozin met with Jim Bridenstine at Baikonur.

Earlier this week, Roscosmos head Dmitry Bakanov announced that the corporation plans to develop a reusable rocket similar to Elon Musk’s SpaceX in order to make space launches more cost-effective.

Other Topics of Interest First Direct Flight From Pyongyang Lands in Moscow Russian diplomat Matvei Krivosheyev, who was also on board, was quoted as saying it was the first such flight in almost three decades.

“With Musk’s rocket, he’s proving that previously the first stage would burn out, detach, fall, and go to scrap. Now, the first stage is used multiple times, and this leads to enormous cost reduction and massive savings,” Bakanov said in an interview, according to The Moscow Times.

According to him, the technical assignment for developing this technology was signed only in June, and it will take about one and a half to two years to complete.

Ukrainian and Belarusian hackers laid low the Kremlin flagship airline Aeroflot on Monday, wiping data bases, publishing passwords, stranding thousands of travelers and demolishing the IT infrastructure of Russia’s biggest air passenger carrier.

The massive cyber-attack brought Aeroflot freight flights – also the nation’s largest – to a near stand-still, aviation news platforms said. Hackers responsible for the attack claimed most of Aeroflot’s digital data base was irrevocably erased.

JOIN US ON TELEGRAM Follow our coverage of the war on the @Kyivpost_official.

The digital assault hit Aeroflot servers during the night of July 28. The main targets were company communications and data-transfer infrastructure in airports in Moscow and Petersburg, and Aeroflot corporate headquarters.

The attack shut down airline computers at both airports, at Aeroflot branch offices, and at corporate headquarters at Melkisarovo near Sheremetovo airport. Moscow media reported the entire Aeroflot headquarters complex had its electricity shut off to prevent further access to compromised systems. Staff said they had been told not to access company networks, including email.

Advertisement

This snarky image published by the Belarusian cyber resistance group Cyberpartisans on Monday led an article detailing a massive hack attack against the Russian flagship airline Aeroflot. The two “pilots” at the right of the image are the Ukrainian actor/comedians Aleksy Agopyan (Navigator Drinkens) and Yury Stytskovsky (Commander, no surname) performing in the 1990s-era spoof aircraft disaster series “Nose Dive.” The show was wildly popular across the former Soviet space and is still in reruns in Russia and Ukraine.

The collapse of access to Aeroflot server-based information made effectively impossible aircraft refueling, determining crew location, identifying aircraft needing maintenance, tracking crew rest and even finding registered passenger lists.

Advertisement

The independent Russian news agency Astra citing the hackers reported the attack had practically destroyed Aeroflot’s internal IT infrastructure and wiped clean 7,000 servers. Deutsche Welle Belarus citing an interview with one of the hackers reported the attack hit 8,000 computers (PCs and servers) using a hundred different operating programs.

Aeroflot staff turning on computers could only reach a main screen on which two hacker groups took credit for the attacks. A screen shot of the start-up image, posted by the Belarusian hacktivist group Cyberpartisans, showed a plummeting airplane and vulgar language lampooning Aeroflot security.

A statement on the hackers’ website said the group teamed up with a long-established Ukrainian cyber guerilla group called Silent Crow to breach and exploit Aeroflot security for more than twelve months, before moving to shut down the airline’s data-sharing networks on Monday.

The groups said they were able to break in to Aeroflot data networks because of “poor password security” including by Aeroflot CEO Sergei Aleksandrovskiy who, per the hackers, had not changed his password since 2002. Primitive operating systems used across Aeroflot – Windows XP and 2003 – helped the hackers to gain access to the company’s entire digital network, the statement claimed.

Advertisement

The attackers injected an “innovative special algorithm” into corporate networks that erase all data in Aeroflot-operated CREW, Sabre, Sharepoint, Exchange, KASUD, Sirax, Sofi, CRM, ERP, 1C, and even security systems, and wiped clean all data used by those airline information-sharing programs without chance of recovery, the statement claimed in part.

Local news reported more than 50 Aeroflot flights canceled over the day and thousands of air travelers stranded in major airports across Russia’s thirteen time zones.

Open source flight tracking data platforms showed a sharp drop in Aeroflot flights over Russian Federation air space starting at about 05:00 UTC. The first official Aeroflot messages to passengers about the hacking assault, “possible errors in (Aeroflot) servers…requiring possible timetable correction” went out about an hour later.

Screen grab of frustrated travelers waiting to re-book tickets at Sheremetovo airport Moscow, open source video, X, Monday.

Advertisement

The airline instruction told passengers they could stay current on flight schedules by checking information boards at airports, or by listening for announcements. Travelers posted images of lengthy queues at Aeroflot desks of travelers attempting to reschedule or obtain a cancelled flight voucher, and complaints that luggage service had stopped and airport air condition was shut off.

Over the course of the day 52 passenger flights – about half of Aeroflot normal schedule – had been cancelled. The RBC news agency reported the airline’s income loss over the day at between 259 million to 500 million rubles ($3.15-$6.15 million). The attack caused Aeroflot stock to plummet 3.9 percent on the day, Moscow Times reported, calling the hacker assault “a serious disaster for the state-owned airline.”

Limited service continued throughout the day and into Tuesday. Aeroflot was operating at limited capacity and prioritizing flights to Russia’s otherwise poorly-service Caucasus region, to Siberia, Russia’s Far East and to selected international routes, a Monday Transport Ministry statement said.

Other major Russian air passenger carriers like S7 Airlines, Ural Airlines, Utair and Smartavia appeared to operating normally. Aside from air travelers, Aeroflot is Russia’s second biggest transporter of air freight. There were no early reports about possible effects the hack had, if any, on those aircraft streams.

Advertisement

Aeroflot’s main website was inaccessible on Tuesday. Websites for the Aeroflot subsidiaries Rossiya Airlines and Pobeda airlines appeared on Tuesday to be functioning normally.

Russian political scientist Sergei Markov, a longtime advisor in Kremlin circles, in comment published on his personal Telegram channel said the punishing cyber assault on Aeroflot had exposed complacency and unwillingness to acknowledge a war was on, by corporate leadership. Russia’s western enemies lay behind the attack, he claimed.

Markov said: “Huge chaos. Apparently, Aeroflot managers, like normal millionaires, all hoped that the conflict with the West would end soon…(I)t Because this is a conflict nobody needs…But it turned out they had to defend against the intelligence services of terrorist states. They were completely unprepared for that. Well, now everything will be explained to them!”

The Cyberpartisans statement said its operators had copied and archived all Aeroflot corporate data, and would be making public selections from that data base in coming weeks and months.

The European Union (EU) informed Ukraine’s government on July 24, through diplomatic channels, that it was suspending all financial assistance to Ukraine until the independent powers of its anti-corruption institutions are restored.

This information was confirmed by four separate government, diplomatic and parliamentary sources, according to a report by Ekonomichna Pravda (EP).

JOIN US ON TELEGRAM Follow our coverage of the war on the @Kyivpost_official.

“Everything has been put on hold until the situation is resolved,” one of them told EP.

Ukrainian President Volodymyr Zelensky signed the controversial Bill No.12414 into law on Tuesday night, July 23, effectively gutting the country’s top anti-corruption agencies – the National Anti-Corruption Bureau (NABU) and the Specialized Anti-Corruption Prosecutor’s Office (SAPO) of their power to investigate corruption crimes independently.

Advertisement

In response to this move, the EU decided to suspend key funding packages needed to finance Ukraine’s macro-financial stability and investment projects – the EU’s share of the Extraordinary Revenue Acceleration (ERA) loan, backed by profits from around $20 billion in frozen Russian assets, along with financing from the European Bank for Reconstruction and Development and the European Investment Bank.

Funding under another key European Union’s financial assistance program, the Ukraine Facility, could also be in danger, though EP reported that current EU legislation may prevent it from holding back financing in the event Ukraine fails to meet expectations.

Ukraine has failed to complete its homework on reforms before, jeopardizing funding under the Ukraine Facility. But according to EP, Ukrainian Prime Minister Yulia Svyrydenko received a letter warning that a separate decision might be made to halt the funding.

According to the report, Ukraine’s government is expecting €18 billion ($20.88 billion) in total from both the Ukraine Facility and ERA loans. In addition, the EU has so far disbursed only €3.7 billion ($4.29 billion) under the Ukraine Facility, out of a planned €12.5 billion ($14.5 billion).

Advertisement

Under the ERA program, Ukraine has received €8 billion ($9.2 billion) from a total commitment of $18 billion.

The Ukraine Facility is a results-based financial package built on the “money for reforms” principle. Instead of simply disbursing funds, the EU ties payments to a set of reform benchmarks – specific actions policymakers must complete by designated deadlines.

Until 2025, Ukraine had met all reform indicators under the Ukraine Facility. However, in the first quarter of this year, three indicators remain unmet and one was delayed, which could cost Ukraine about €1.5 billion ($1.7 billion) in EU aid, according to a report by RRR4U, a consortium of leading Ukrainian NGOs including the Institute for Economic Research (IER), Dixi Group, the Institute of Analytics and Advocacy, and the Centre for Economic Strategy (CES).

The RRR4U report was published earlier in July, while Ekonomichna Pravda wrote that the EU issued another warning after the signing of the NABU bill.

Advertisement

To receive the now-withheld funding, Ukraine’s lawmakers and Zelensky should restore the independence of NABU and SAPO from the potential political abuse by Ukraine’s Prosecutor General, according to the letter referenced by EP.

Following publication of this article, Nicolò Gasparini, spokesperson for the EU Delegation to Ukraine, along with a representative from the French Embassy, contacted Kyiv Post and said the decision to withhold funding is directly linked to Ukraine’s underperformance under the Ukraine Facility program.

However, neither Gasparini nor the French embassy in Ukraine denied the existence of the letter allegedly sent to Svyrydenko.

“In this specific case, the €1.5 billion [$1.7 billion] cut is not linked to last week’s developments on the anti-corruption bodies, but it refers to the fourth request for payment under the Ukraine Facility,” Gasparini told Kyiv Post in an email.

He added that Ukraine made a request to decrease the tranche of the next Ukraine Facility disbursement. “Indeed, on June 6, Ukraine made a request for a partial payment (€3 billion [$3.5 billion]) instead of €4.5 billion [$5.2 billion],” he wrote.

Ukraine should receive €4.5 billion ($5.2 billion) for the 16 required reforms, but Kyiv said it only fulfilled 13, he wrote.

Advertisement

“Out of the three pending reforms, one is the law on the territorial organization of the executive authorities (so-called ‘decentralization reform’) and another [is] the law on the reform of ARMA. The third unfulfilled reform concerns the selection of judges in the High Anti-Corruption Court [HACC],” he wrote.

The payments for the unimplemented reforms are withheld for up to 12 months, during which reforms can be implemented.

The president has already formally registered the bill to restore the independence of the anti-graft agencies with the Verkhovna Rada, and it is expected to be passed and receive the full approval of Ukraine’s lawmakers on July 31.

Ukraine’s financing needs of approximately $30 billion were previously expected to be fully covered for 2025. Now they are jeopardized – in addition to this potential challenge, financing for Ukraine’s projected $46.3 billion budget deficit for 2026 has yet to be agreed.

As Russia’s full-scale invasion of Ukraine is expected to continue in 2026, when previously it was hoped it would have ended, $17.7 billion of the financing gap is necessary for Ukraine to finance its defense needs alone.

EP estimated that a failure to restore the independence of NABU and SAPO could cost $60 billion in financial aid to the state.

Ukraine’s newly appointed Prime Minister Svyrydenko is likely to seek more financing from the International Monetary Fund (IMF)and US Treasury Secretary Scott Bessent, as she aims to cover the continuing financial gap Ukraine faces due to Russia’s ongoing invasion.

The Biden Administration’s strategy of “just enough” for Ukraine – i.e., not enough to win – is now being adopted in a similar form by Europe. Kyiv is burning, yet again. On Friday evening into the early hours of Saturday, Russia unleashed a massive drone and missile attack on the Ukrainian capital.

“Just enough” is not only a losing strategy. It is also immoral and leading to further senseless Ukrainian civilian deaths.

JOIN US ON TELEGRAM Follow our coverage of the war on the @Kyivpost_official.

While Russia has mobilized its economy to win the war, Europe continues to provide weapons and ammunition to Ukraine in a piece-meal fashion, without a plan to defeat Russia. It’s about yet more “just enough” and legal solutions – condemnations and sanctions – to a kinetic war.

Advertisement

This least intrusive approach to Russia is not working; rather, it is having the opposite effect – instilling confidence within the Kremlin. European leaders are fearful of direct engagement with Russian forces for fear of potentially triggering World War III. Moscow does not seem to have that problem.

As the saying goes: “If you are not part of the solution, you are part of the problem,” and US President Donald Trump has now become part of the problem, telling reporters on Monday after his phone call with Russian President Vladimir Putin – “This isn’t my war.”

According to one European official, the president “simply doesn’t want to take sides.” And that is music to Putin’s ears.

The ball is now clearly in Europe’s court. Without US support, Putin is confident he can finally accomplish what he set out to do with his so-called “special military operation.”

As former Secretary of Defense Robert Gates stated on CBS News’ Face the Nation: “My own view, having dealt with him and having spent most of my life working on Russia and the Soviet Union, is Putin feels that he has a destiny to recreate the Russian Empire… And as my old mentor, Zbigniew Brzezinski once said, without Ukraine, there can be no Russian Empire.”

Advertisement

This is bigger than Ukraine though – it is just the tip of the iceberg – and the sooner Europe comes to that conclusion the better.

Alarming sound bites from Russian officials

Below are some prominent examples of what the Russian officials are saying out loud:

Russian presidential advisor Anton Kobyakov: “The Soviet Union continues to exist in a legal sense … the USSR remains legally intact.”

Defense Committee of the State Duma of the Russian Federation member Viktor Sobolev: “The complete solution to the goals of the special military operation is the creation of a single union state – Russia, Ukraine and Belarus. Restoration of the ‘Russian world’ within its immediate borders.”

Deputy Chairman of Russia’s Security Council Dmitry Medvedev: Russian demands might include the “complete and unconditional surrender of the former ‘Ukraine’ as represented by the neo-Nazi clique in Kiev.”

Russian Foreign Minister Sergei Lavrov: “Russia will accept nothing less than total victory over Ukraine.”

Russian presidential aide Vladimir Medinsky: “Russia is prepared to fight forever.”

And then Trump himself, telling European leaders that “Putin isn’t ready to end the war in Ukraine because he thinks he is winning.” Trump’s comments were later substantiated by Lavrov, who stated that Moscow has no interest in negotiating or agreeing to a ceasefire in Ukraine, proclaiming: “We have already been through this and don’t want it anymore.”

Playing into Putin’s hands

Despite sustaining nearly one million casualties – 977,650 to date – Putin believes he holds a winning hand. And now that Trump has essentially punted the problem to Europe, telling President Volodymyr Zelensky and European leaders after his call with Putin that “Russia and Ukraine would have to find a solution to the war themselves” – he may.

Advertisement

Ukraine can still defeat Russia, but Europe needs to find its Winston Churchill tout de suite. Images of German Chancellor Friedrich Merz, French President Emmanuel Macron, British Prime Minister Keir Starmer and Polish Prime Minister Donald Tusk seated around a table waiting on a Trump phone call does not instill fear in Putin.

Trump’s actions give Putin exactly what he wants – separation between the US and NATO – without firing a shot. The president’s pursuit of a deal with Russia has surpassed his willingness to support Ukraine and our NATO allies. He said just that in his X post after his phone call with Putin: “Russia wants to do large-scale TRADE with the United States when this catastrophic ‘bloodbath’ is over, and I agree. There is a tremendous opportunity for Russia to create massive amounts of jobs and wealth.” Trump seems willing to sit it out until the Kremlin prevails in the absence of a committed European response – then “do large-scale TRADE” with Russia.

With that said, Ukraine may need to hitch their horse to a different trailer, possibly withdrawing from the minerals deal it signed with the White House in April in favor of the EU.

Advertisement

Europe does not have time to debate the issue. Post Ukraine, there has been no shortage of predictions concerning timelines and intentions for follow-on Russian operations against NATO.

Colonel General Andrey Mordvichev has assumed command of Russian ground forces. His comments from July 2023 about Ukraine being a “stepping stone” should generate a sense of urgency for Europe.

Last week, satellite imagery revealed that Russian troops were “massing” along the border with Finland.

The Danish Defense Intelligence Service believes Russia could be ready to wage a “large-scale war” in Europe within five years. German security officials believe the Kremlin “is laying the groundwork for a potential large-scale conventional war with NATO by the end of the decade.”

Polish Foreign Minister Radoslaw Sikorski warns that “Russia could be ready to attack Europe by the end of the decade if Ukraine is forced to surrender.”

And now the International Institute for Strategic Studies believes that Moscow could pose “a significant military challenge to NATO allies, particularly the Baltic states, as early as 2027.” Merz announced the deployment of Germany’s 45th tank brigade to Lithuania shortly afterwards.

NATO’s best course of action is to arm Ukraine now to defeat Russia on home turf, rather than prepare for a broader Russian invasion. The EU’s €850 billion, four-year Readiness 2030 program may be too late.

Advertisement

Europe needs a plan – then the intestinal fortitude to execute it. In the words of Morgan Freeman’s character, Ellis Boyd ‘Red’ Redding, in “The Shawshank Redemption,” Europe needs to “Get busy living, or get busy dying.”

The views expressed are those of the authors and not necessarily of Kyiv Post.