A large-scale cyberattack hit Russian state-owned airline Aeroflot on Monday, causing widespread outages in its computer systems and forcing the cancellation of more than 100 flights, along with delays across its network. Russia’s Prosecutor General’s Office confirmed the incident and announced a criminal investigation into the breach.
Responsibility for the attack was claimed by two hacker groups: Ukraine’s Silent Crow and the Belarus Cyber-Partisans, an activist collective opposed to Belarusian President Alexander Lukashenko. This breach marks one of the most significant cyber intrusions in Russia since it launched its full-scale invasion of Ukraine in early 2022.
While past attacks on Russian infrastructure—such as those on government websites and the state-owned Russian Railways—have been disruptive, most services were restored quickly. This time, however, images circulating on social media showed large crowds of stranded passengers at Moscow’s Sheremetyevo Airport, where Aeroflot is headquartered.
The cyberattack also affected Aeroflot’s subsidiaries, Rossiya and Pobeda, disrupting both domestic and international routes. Flights to Belarus, Armenia, and Uzbekistan were among those canceled.
Aeroflot issued a public warning early Monday stating it was experiencing unspecified technical issues, cautioning travelers about potential disruptions. Later, Russian authorities confirmed the airline had been the target of a cyberattack.
Kremlin spokesperson Dmitry Peskov called the reports “quite alarming,” emphasizing that cyber threats remain a constant risk for major service providers.
The Silent Crow group claimed to have had access to Aeroflot’s internal systems for a full year. In a statement posted on Telegram, they said they had downloaded internal communications, employee surveillance data, customer records, and even audio from phone calls. According to the group, they destroyed or made inaccessible large volumes of data, suggesting that recovery efforts could cost tens of millions of dollars.
Screenshots of Aeroflot’s internal IT environment were also shared on Telegram by the group, which hinted that some of the stolen information may be released in the coming days. “The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip — just without luggage,” the group quipped in a post.
The Belarus Cyber-Partisans said their goal was to deal a “crushing blow.” Group coordinator Yuliana Shametavets described the incident as one of their largest and most damaging operations to date. She explained that the team had spent months preparing the breach and exploited several vulnerabilities to gain access to Aeroflot’s systems.
This group is known for previous attacks on Belarusian state agencies and claimed last year to have infiltrated the country’s KGB network.
Belarus remains a close ally of Russia. President Lukashenko has ruled the country for over three decades with significant support from Moscow, including economic aid. He also allowed Russia to use Belarusian territory to launch the 2022 invasion of Ukraine and has hosted Russian tactical nuclear weapons.
Russia’s aviation sector has faced mounting challenges this summer, including repeated flight delays caused by Ukrainian drone strikes. Safety concerns have led to temporary shutdowns of airports and further strained the country’s transportation infrastructure.
Also Read:
Japan Posts Trade Deficit as Trump’s Tariffs Weigh on Exports
Republicans Weigh Modifications to Trump’s $9.4 Billion Spending Cut Proposal
