
Russia - Jul 28, 2025 - Aeroflot, Russia’s state-owned flagship airline, was struck by a significant cyberattack that disrupted its operations across the country. The attack led to the cancellation of more than 60 flights and delays of numerous others, primarily affecting domestic routes and select international flights to destinations such as Belarus, Armenia, and Uzbekistan. The incident caused widespread disruption at Moscow’s Sheremetyevo International Airport, one of Aeroflot’s main hubs, where passengers faced long delays and cancellations during a peak travel period.
The cyberattack was claimed by two hacker groups: Silent Crow, a pro-Ukrainian group known for targeting Russian organizations, and Belarus Cyber-Partisans, a Belarusian hacker collective. The groups cited Russia’s ongoing war in Ukraine as the motivation for their actions, framing the attack as a form of digital retaliation. The hackers claimed to have taken control of Aeroflot’s critical systems, destroyed parts of its infrastructure, and accessed sensitive data, including personal information of passengers who have flown with the airline.
Details of the Cyberattack
The cyberattack began this morning and quickly impacted Aeroflot’s operations. According to a Telegram post by Silent Crow, the hackers gained access to the airline’s internal systems, including its Active Directory and file shares. They claimed to have extracted terabytes of internal company data and destroyed critical systems, rendering them inoperable. Screenshots shared by the hackers allegedly showed their access to these systems, demonstrating the depth of the breach.
Aeroflot’s website was taken offline, displaying an error message stating that it was “temporarily restricted.” This outage prevented passengers from accessing flight information or making bookings online. The attack also affected Aeroflot’s subsidiaries, Rossiya and Pobeda, leading to additional flight disruptions. Footage from Sheremetyevo International Airport showed departure boards listing dozens of cancelled flights, highlighting the scale of the disruption.
| Key Information | Details |
|---|---|
| Affected Airline | Aeroflot, Russia’s largest airline |
| Number of Flights Cancelled | More than 60 (confirmed by Russian prosecutors) |
| Number of Flights Delayed | Numerous (exact number varies by source) |
| Hacker Groups | Silent Crow (pro-Ukrainian), Belarus Cyber-Partisans |
| Hacker Claims | Control of critical systems, system destruction, access to passenger data |
| Evidence | Screenshots of internal systems, Telegram post |
| Service Impact | Website unavailable, error message: “temporarily restricted” |
| Affected Locations | Sheremetyevo International Airport, domestic and select international routes |
| Official Response | Criminal investigation under Part 4 Article 272 of Russian Criminal Code |
| Hotline for Passengers | +7 999 663 38 09 |
Official Response and Investigation
Russian prosecutors confirmed that more than 60 flights were cancelled due to the cyberattack and have launched a criminal investigation under Part 4 of Article 272 of the Russian Criminal Code, which addresses unauthorized access to computer systems. The investigation aims to identify the perpetrators and assess the full extent of the damage caused by the attack. A statement from the prosecutors’ office emphasized the severity of the incident and the need to protect critical infrastructure.
Aeroflot established a hotline (+7 999 663 38 09) to assist affected passengers, providing support for rebooking and refunds. The airline has not yet released a detailed statement on the attack’s impact or the timeline for restoring full operations. The Kremlin described the situation as “worrying,” and senior lawmaker Anton Gorelkin called it a “wake-up call” for Russia’s digital defenses, suggesting that the hackers may be acting in the service of “unfriendly states.”
Geopolitical Context
The cyberattack on Aeroflot is part of a broader pattern of cyberattacks targeting Russian organizations amid the ongoing Russia-Ukraine conflict. Silent Crow and other pro-Ukrainian hacker groups have previously claimed responsibility for breaches of Russian systems, including a reported attack on Russia’s real estate registry earlier in 2025. The hackers’ actions are often framed as a response to Russia’s military actions in Ukraine, highlighting the increasing role of cyberattacks in geopolitical conflicts.
The involvement of Belarusian hackers, specifically the Cyber-Partisans, adds another layer of complexity, given Belarus’s close ties to Russia. The collaboration between Ukrainian and Belarusian groups suggests a coordinated effort to disrupt Russian infrastructure. The hackers concluded their Telegram statement with the slogans “Glory to Ukraine!” and “Long live Belarus!”, indicating their solidarity with Ukraine and opposition to the Russian and Belarusian governments.
Broader Implications
The cyberattack on Aeroflot underscores the vulnerability of critical infrastructure to cyberattacks, particularly in the context of geopolitical tensions. The hackers’ claim of accessing personal data raises significant privacy concerns, as the breach could affect millions of passengers. The incident also highlights the challenges of securing large-scale IT systems against sophisticated and politically motivated attacks.
As cyberattacks become a more prominent tool in international conflicts, organizations and governments worldwide are likely to face increased pressure to strengthen their cybersecurity measures. For Aeroflot, the immediate priority is restoring operations and addressing passenger needs, while the long-term focus will likely involve a comprehensive review of its cybersecurity protocols to prevent future disruptions.