‍MOSCOW — Russia’s flag carrier Aeroflot (SU) was hit by a major cyberattack that forced the cancellation and delay of dozens of flights, disrupted airports and subsidiary operations, and exposed vulnerabilities in critical national infrastructure.

Operational Disruptions

• Aeroflot cancelled approximately 54 round‑trip flights on July 28 alone, with dozens being cancelled the following day.
  
  
• Most affected flights were domestic, though several international routes to Minsk (Belarus), Yerevan (Armenia), and Tashkent (Uzbekistan) were also impacted.
  
  
• Services across Aeroflot’s subsidiaries Rossiya and Pobeda were also disrupted.
  
  
• By July 29, operations were largely stabilised, with 93% of flights back on schedule.

Cyberattack & Hacker Groups

• Two pro‑Ukraine hacktivist groups, Silent Crow and the Belarusian Cyber Partisans, claimed responsibility, stating the breach stemmed from a year‑long infiltration of Aeroflot’s systems.
  
  
• Silent Crow alleges that they destroyed roughly 7,000 servers, exfiltrated 12 to 20 terabytes of data, and accessed passenger and internal communications, including surveillance information.
  
  
• The groups posted messages on Telegram declaring victory and threatening to publish the stolen data, including statements like:
  “The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip.”

Government & Industry Response

• Russia’s Prosecutor General’s Office confirmed that a criminal investigation has been launched into the cyber intrusion.
  
  
• Kremlin spokesman Dmitry Peskov described the attack as “quite alarming,” warning of persistent cyber threats to major public-facing service providers.
  
  
• Russian lawmakers called the incident a "wake-up call" to improve cybersecurity across critical infrastructure sectors.

Wider Implications & Context

• This incident ranks among the most serious cyberattacks Russia has seen, drawing comparisons to earlier disruptions caused by Ukrainian drone strikes on airports. It’s also part of a growing wave of cyber warfare that’s been unfolding since the Russia-Ukraine conflict broke out in 2022.
  
  
• Silent Crow and the Cyber Partisans have previously targeted institutions, including state telecoms, land registries, government departments, and financial firms, often with a hacktivist, not financially motivated, approach.
  
  
• Experts say the Aeroflot hack wasn’t just about disruption. It hit passenger systems, crew operations, and overall morale, while also pushing Russia’s digital security measures in aviation into the spotlight.

Passenger Impact: Delays, Frustration, and Uncertainty

The cyberattack threw Aeroflot’s operations into chaos, leaving many passengers stranded and desperately looking to make new travel plans with minimal assistance. At major airports like Moscow Sheremetyevo (SVO), travelers faced long lines, frozen check-in counters, and no access to flight information as the airline’s digital systems went down. Both the website and mobile app were affected, offering no live updates and leaving passengers confused and frustrated. 

Social media was filled with complaints, as people struggled to reach customer support, and some were forced to spend the night at the airport without any clear rebooking help. Others missed connecting flights or important meetings. Baggage handling and ticketing were also hit, leading to more delays and confusion across both domestic and international flights.

Bottom Line

The Aeroflot hack brought operations to a standstill, with flights grounded and passengers left confused and stranded. There’s a good chance that a significant amount of personal and internal data was stolen. While the airline did manage to bounce back quickly, with most flights back in the air within two days, the whole episode has raised some serious concerns. It showed just how exposed airline systems can be when hit by a well-planned attack. 

What makes this even more complicated is that the hackers weren’t after money; they had a political motive, turning Aeroflot’s digital systems into a battleground. As the investigation unfolds, this attack might end up being a wake-up call for the entire aviation industry on just how real and dangerous cyber threats have become.

Stay tuned and keep following Airways. Follow us on LinkedIn and Instagram for the latest updates as well!