A massive cyberattack on Aeroflot, Russia’s state-owned airline, triggered a widespread outage of its IT systems on Monday, forcing the cancellation of over 100 flights and delaying many others, according to Russia’s Prosecutor’s Office. The incident also impacted operations at Aeroflot subsidiaries Rossiya and Pobeda, causing significant disruptions across Moscow’s Sheremetyevo Airport.
Two hacker groups have claimed responsibility: Silent Crow, a Ukrainian collective, and the Belarus Cyber-Partisans, who oppose Belarusian President Alexander Lukashenko. The attack is being described as one of the most damaging to a Russian airline in recent times.
Aeroflot issued an early warning to passengers on Monday, stating that its information systems were facing technical issues that could impact flight schedules. Later, Russian authorities confirmed the cyberattack and launched a criminal investigation into the matter.
Kremlin spokesperson Dmitry Peskov acknowledged the seriousness of the incident, stating that “the hacker threat is a threat that remains for all large companies providing services to the general public.”
Silent Crow claimed it had infiltrated Aeroflot’s corporate network for over a year, collecting internal communications, surveillance data, customer information, and even audio recordings of calls. The group boasted on Telegram that restoring the damaged systems could cost the airline tens of millions of dollars, describing the breach as “strategic.”
“The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip — albeit without luggage and to the same destination,” the group posted online, hinting at the potential release of the stolen data. Screenshots allegedly showing internal IT dashboards were also shared, but these claims have not been independently verified.
The Belarus Cyber-Partisans also told the Associated Press they aimed to “deliver a crushing blow” and had been preparing for months, exploiting vulnerabilities to breach the system. Group leader Yuliana Shametavets described the attack as “very large-scale and one of the most painful in terms of consequences.”
Belarus, a close Russian ally, has previously allowed Russia to use its territory for military operations, including the 2022 invasion of Ukraine. This cyberattack adds to the ongoing challenges faced by Russia’s aviation sector, which has also endured repeated drone-related delays throughout the summer.
