Aeroflot Cyberattack: How Hacktivist Groups Grounded Russia’s Flag Carrier

Overview

On July 28, 2025, Russia’s state-owned airline Aeroflot suffered a crippling cyberattack, forcing the cancellation of dozens—possibly over 100—flights and causing widespread operational chaos. The Russian Prosecutor-General confirmed the incident as a hack and opened a criminal investigation.

What Happened?

Reports vary on the scale of disruption: some noted over 100 canceled flights, while others counted between 50 and 60. The attack also caused long delays and forced airports to rely on manual procedures, leaving thousands of passengers stranded at Moscow’s Sheremetyevo Airport and beyond.

Who Claimed Responsibility?

Two pro-Ukraine hacktivist groups—Silent Crow from Ukraine and the Belarusian Cyber-Partisans—claimed responsibility. They stated that the attack was the culmination of a year-long infiltration, during which they allegedly destroyed 7,000 servers and exfiltrated between 12 and 20 terabytes of sensitive data. This included flight records, internal communications, employee data, and surveillance materials.

Scale of Damage

The cyberattack disrupted Aeroflot’s entire IT infrastructure, paralyzing its ticketing, scheduling, and communication systems. Hackers claimed to have deleted flight records and rendered critical internal systems unusable. Leaked samples of stolen data reportedly included internal logs and flight details from Aeroflot’s CEO.

Immediate Impact and Government Response

Airports experienced massive passenger queues, non-functioning display boards, and check-in delays. The Kremlin described the situation as “alarming,” and Russian lawmakers called it a warning signal for the country’s critical infrastructure. Authorities stressed the need for stronger defenses against politically motivated cyberattacks.

Aftermath and Recovery

Within 24 hours, Aeroflot began restoring operations, resuming the majority of scheduled flights. However, lingering delays and cancellations continued for days. Hacktivists signaled plans to release stolen data, which could escalate the crisis from operational disruption to a reputational and privacy disaster.

Key Takeaways

  • Operational Disruption: The attack showed how cyber operations can halt critical services like aviation.
  • Espionage and Sabotage: The combination of long-term infiltration, data theft, and destruction highlights a new wave of politically motivated attacks.
  • Privacy Risks: The possible leak of sensitive passenger and employee data could have long-term consequences.
  • Weak Cyber Hygiene: There are indications that Aeroflot’s systems suffered from vulnerabilities such as outdated infrastructure and poor access management.
  • Wake-Up Call: The attack demonstrates the urgent need for stronger cybersecurity across the aviation sector worldwide.

Conclusion

The Aeroflot cyberattack is a powerful reminder that in modern warfare, the battlefield extends into cyberspace. Airlines and other critical infrastructure providers must prioritize resilience, proactive monitoring, and rapid response strategies. The incident not only disrupted flights but also exposed the fragility of essential services in an era of escalating cyber conflict.