Russian carrier Aeroflot cancels 100+ flights after cyberattack

Ukrainian group Silent Crow and Belarus Cyber-Partisans claimed responsibility for the cyberattack on Aeroflot, marking one of the most serious cyber incidents in Russia since the 2022 invasion of Ukraine, with prolonged IT disruption

A significant cyberattack targeted Russia’s state-owned airline Aeroflot on Monday, causing widespread disruption to its computer systems and forcing the cancellation of more than 100 flights, according to Russia’s prosecutor’s office. The breach also led to delays in numerous other flights operated by Aeroflot and its subsidiaries, Rossiya and Pobeda.

The hacker groups Silent Crow from Ukraine and the Belarus Cyber-Partisans claimed responsibility for the attack, which is among the most severe cyber incidents to impact Russia since its full-scale invasion of Ukraine began in February 2022. While prior cyberattacks primarily targeted government websites and state-owned companies like Russian Railways, those disruptions were typically resolved within hours. In contrast, Monday’s attack severely affected Aeroflot’s IT infrastructure.

Social media posts showed scenes of crowded terminals at Moscow’s Sheremetyevo airport, Aeroflot’s main hub, as passengers faced long delays. Though mostly impacting domestic flights, some international routes to Belarus, Armenia, and Uzbekistan were also cancelled.

Aeroflot issued an early morning statement warning customers of technical difficulties within its IT systems, foreshadowing potential flight disruptions. Later, Russia’s Prosecutor’s Office confirmed the incident was the result of a cyberattack and launched a criminal investigation.

Cyberattack raises security concerns

Kremlin spokesperson Dmitry Peskov described the cyber threat as "quite alarming" and emphasized the ongoing risks faced by large service providers.

Silent Crow claimed to have had access to Aeroflot’s corporate network for over a year, allegedly extracting sensitive data including customer information, internal communications, phone call recordings, and employee surveillance data. The group suggested the attack caused strategic damage requiring millions to repair and hinted at possible public release of stolen data. Independent verification of these claims was not possible.

Meanwhile, Belarus Cyber-Partisans said they had been preparing the attack for months and aimed to deliver a "crushing blow." The group previously penetrated Belarus’ main KGB agency’s network and opposes Belarusian President Alexander Lukashenko, a close Russian ally who has supported Moscow’s invasion of Ukraine.

This cyberattack adds to a summer marked by significant operational disruptions at Russian airports due to Ukrainian drone strikes, further complicating Russia’s aviation sector amid ongoing geopolitical tensions.