On July 28, 2025, Russia’s flagship airline, Aeroflot, faced a significant operational crisis due to a cyberattack that led to the cancellation of at least 49 flights and widespread service disruptions. The hacker group Silent Crow, in collaboration with Belarusian Cyber Partisans, claimed responsibility for the attack, citing opposition to Russia’s actions in Ukraine and Belarus.
Operational Impact
The cyberattack caused a failure in Aeroflot’s information systems, resulting in numerous flight cancellations and delays. Affected routes included domestic flights to cities like Yekaterinburg and Kaliningrad, as well as international destinations such as Minsk and Yerevan. Passengers at Moscow’s Sheremetyevo International Airport, Aeroflot’s primary hub, experienced significant disruptions, with long queues and confusion as they sought information and assistance. The airline advised passengers to monitor real-time updates through airport websites and information displays.
Extent of the Cyberattack
Silent Crow and Belarusian Cyber Partisans claimed that they had infiltrated Aeroflot’s IT infrastructure for a year, during which they:
– Destroyed approximately 7,000 physical and virtual servers.
– Stole 20 terabytes of data, including 12 TB of databases, 8 TB of internal files, and 2 TB of corporate emails.
– Accessed flight history databases and critical corporate systems.
– Gained control over employees’ personal computers, including those of top management.
– Extracted data from surveillance systems and intercepted communications.
The hackers stated that all these resources are now inaccessible or destroyed, warning that recovery could take months and cost tens of millions of dollars.
Official Response
The Russian Prosecutor General’s Office confirmed the cyberattack and initiated a criminal investigation into unauthorized access to Aeroflot’s computer systems. Kremlin spokesperson Dmitry Peskov described the incident as alarming and highlighted the persistent cybersecurity threats faced by major service providers.
Passenger Experience
The system failure directly impacted Aeroflot’s customer service platforms, including ticketing, boarding, and refund processing. Many passengers were informed that ticket counters could not process cancellations or rebookings. Travelers were advised to:
– Leave Sheremetyevo Airport to avoid overcrowding.
– Contact Aeroflot’s hotline or rebooking agents within the next 10 days.
– Submit refund and rescheduling requests online or through their original purchase channels.
This left hundreds of frustrated passengers, many with children and luggage, scrambling to adjust their travel plans without any on-site support, highlighting Aeroflot’s inadequate crisis management infrastructure.
Broader Cybersecurity Implications
This attack is the latest in a series of cyber incidents targeting Russian digital infrastructure, often attributed to pro-Ukrainian digital resistance groups. Since the 2022 invasion of Ukraine, energy providers, rail services, government portals, and even banks in Russia have been targeted. Experts warn that:
– Russia’s civil aviation sector is now an open target.
– Hybrid warfare now includes digital attacks meant to destabilize civilian logistics.
– International carriers may soon need to upgrade airline cybersecurity protocols.
Cyberwarfare has become a new battlefield in the Russia-Ukraine conflict, with major ripple effects on public safety, economic systems, and global travel.
