On July 28, 2025, Russia’s flagship airline, Aeroflot, faced a significant operational crisis following a cyberattack that led to the cancellation of at least 49 flights and numerous delays. The hacker groups Silent Crow and Belarusian Cyber Partisans claimed responsibility for the attack, stating they had infiltrated Aeroflot’s IT systems over the past year. ([ft.com](https://www.ft.com/content/9114257b-94cf-4726-b8cc-7e71b3304c8a?utm_source=openai))
The Cyberattack Unveiled
Silent Crow and Cyber Partisans announced that they had been embedded within Aeroflot’s corporate network for a year, methodically expanding their access to the airline’s critical systems. They claimed to have destroyed approximately 7,000 physical and virtual servers and exfiltrated around 20 terabytes of sensitive data. This data reportedly includes flight history databases, internal communications, and surveillance records. ([ft.com](https://www.ft.com/content/9114257b-94cf-4726-b8cc-7e71b3304c8a?utm_source=openai))
Operational Disruptions and Passenger Impact
The cyberattack led to the immediate cancellation of 49 flights and delays for many others. Aeroflot’s main hub, Sheremetyevo Airport in Moscow, experienced significant congestion as passengers faced uncertainty and frustration. The airline acknowledged the system failure and assured that efforts were underway to restore normal operations promptly. ([ft.com](https://www.ft.com/content/9114257b-94cf-4726-b8cc-7e71b3304c8a?utm_source=openai))
Official Response and Investigation
In response to the attack, Russia’s Prosecutor General’s Office confirmed the incident and initiated a criminal investigation into unauthorized access to Aeroflot’s computer systems. Kremlin spokesperson Dmitry Peskov described the reports of the cyberattack as alarming, emphasizing the persistent cybersecurity threats faced by major service providers. ([ft.com](https://www.ft.com/content/9114257b-94cf-4726-b8cc-7e71b3304c8a?utm_source=openai))
Broader Cybersecurity Concerns
This incident is part of a series of cyberattacks targeting Russian state enterprises amid ongoing geopolitical tensions. Other recent targets include Rosreestr, Rostelecom, Gazprom, Russian Railways, the Moscow metro, and internet provider ASVT. These attacks highlight the escalating cybersecurity challenges confronting Russia’s critical infrastructure. ([ft.com](https://www.ft.com/content/9114257b-94cf-4726-b8cc-7e71b3304c8a?utm_source=openai))
Implications for Aeroflot and the Aviation Industry
The cyberattack on Aeroflot underscores the vulnerabilities within the aviation sector’s digital infrastructure. The extensive data breach and operational disruptions may have long-term repercussions for the airline’s reputation and financial stability. This incident serves as a stark reminder of the importance of robust cybersecurity measures in safeguarding critical transportation services.
