A large-scale cyberattack on Russia’s state-owned airline Aeroflot brought the carrier’s IT systems to a standstill on Monday, causing widespread disruption to flight operations. More than 100 flights were cancelled, with many others facing significant delays, according to Russia’s prosecutor’s office.
Responsibility for the attack was claimed by two anti-Kremlin hacker groups: the Ukrainian collective Silent Crow and the Belarus Cyber-Partisans, a group opposing Belarusian President Alexander Lukashenko’s regime.
The incident marks one of the most severe cyber disruptions Russia has faced since its full-scale invasion of Ukraine began in February 2022. While past attacks have hit government platforms and major firms such as Russian Railways, those services were typically restored within hours.
At Moscow’s Sheremetyevo Airport, Aeroflot’s main hub, images shared online showed large crowds of stranded travellers. The outage also affected Aeroflot’s subsidiary airlines, Rossiya and low-cost carrier Pobeda.
While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan.
In a statement released early Monday, Aeroflot warned passengers that the company’s information technology system was experiencing unspecified difficulties and that disruption could follow.
Russia’s Prosecutor’s Office later confirmed that a cyberattack had caused the outage and that it had opened a criminal investigation.
Kremlin spokesperson Dmitry Peskov called reports of the cyberattack “quite alarming,” adding that “the hacker threat is a threat that remains for all large companies providing services to the general public.”
Silent Crow claimed it had accessed Aeroflot’s corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the company’s own surveillance on employees and other intercepted communications.
“All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic,” the channel purporting to be the Silent Crow group wrote on Telegram. There was no way to independently verify its claims.
The same channel also shared screenshots that appeared to show Aeroflot’s internal IT systems, and insinuated that Silent Crow could begin sharing the data it had seized in the coming days.
“The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip — albeit without luggage and to the same destination,” it said.
The Belarus Cyber-Partisans told The Associated Press that they had hoped to “deliver a crushing blow.” The group has previously claimed responsibility for a number of cyberattacks, and said in April 2024 that they had been able to infiltrate the network of Belarus’ main KGB security agency.
“This is a very large-scale attack and one of the most painful in terms of consequences,” group coordinator Yuliana Shametavets said. She said that the group had been preparing the attack for several months, and was able to penetrate the Aeroflot network by exploiting various vulnerabilities.
Belarus is a close ally of Russia. Lukashenko, who has ruled Belarus with an iron hand for more than 30 years and has relied on Russian subsidies and support, allowed Russia to use his country’s territory to launch a full-scale invasion of Ukraine on Feb. 24, 2022, and to deploy some of Moscow’s tactical nuclear weapons in Belarus.
Russia’s airports have repeatedly faced mass delays over the summer as a result of Ukrainian drone attacks, with flights grounded amid safety concerns.
With inputs from agencies