Russia experiencing airline losses potentially caused by suspected cyber assaults
In late July 2025, Aeroflot, Russia's national airline, faced a significant setback as pro-Ukrainian hacker groups, Silent Crow and the Belarusian Cyberpartisans BY, launched a coordinated cyberattack on the airline's IT systems. The attack, which targeted Aeroflot's internal infrastructure, resulted in the cancellation of over 100 flights and caused large-scale operational disruptions.
The hackers allegedly destroyed approximately 7,000 servers and stole about 20 terabytes of data after a year-long infiltration campaign. They claimed responsibility for the operation on Telegram, describing it as a "prolonged and large-scale" campaign culminating in extensive data theft and infrastructure destruction.
The impact was immediate and severe. Dozens to over 100 flights were cancelled, stranding travelers at Moscow's Sheremetyevo Airport and causing significant disruption to Russia's national carrier service. The cyberattack amounted to a complete compromise of Aeroflot’s information systems, severely affecting airline operations.
Russian authorities initiated a criminal investigation into the incident, acknowledging a significant failure in Aeroflot’s IT systems due to hacking. Kremlin officials expressed serious concern over the threat such cyberattacks pose to major service providers in Russia.
The attack comes amid ongoing tensions, including drone attacks on Russian airports affecting flights during the summer of 2025. The Russian Prosecutor General’s Office launched supervisory measures to manage flight delays and cancellations at key airports.
Silent Crow, formed in late 2024, has a known track record, claiming prior attacks on Russian entities, including the real estate registry (Rosreestr), a telecom company (Rostelecom), and others. The hackers posted messages celebrating Ukraine and Belarus, underlining their political motivation.
In response, Russia’s Prosecutor General’s Office launched a criminal investigation and implemented supervisory measures to manage flight delays and cancellations at key airports. Kremlin spokesperson Dmitry Peskov acknowledged the ongoing risk posed by hacker threats to large Russian companies.
The attack is seen as a significant escalation in pro-Ukrainian cyber operations targeting Russian critical infrastructure, with substantial operational and reputational damage to Aeroflot. However, detailed forensic evidence remains confined to the hackers’ claims and official Russian statements about system failures.
The Russian government has started direct flights to North Korea once a month, potentially as a response to the flight disruptions caused by Ukrainian drone attacks and hacker groups. The frequency of Ukrainian drone attacks has led to massive losses for Russian airlines due to the frequent closures of airspace. Ukrainian domestic passenger flights have not been possible for more than three years due to the Russian war of aggression.
The incident has sparked concern for the Russian domestic security service FSB and other Moscow cybersecurity agencies. Passengers at Sheremetyevo Airport were stranded due to flight disruptions caused by Ukrainian drone attacks. Kremlin spokesman Peskov stated that the threat from hackers is a danger that all large companies serving the public face. The Ukrainians are reportedly pleased with the new disruptions in Russian flights.
Experts from Aeroflot are working to restore the operation of the servers to resume regular flight operations. Hundreds of passengers had to retrieve their luggage and leave the airport as a result of the disruptions. The incident serves as a stark reminder of the increasing threat posed by cyberattacks to critical infrastructure and the need for robust cybersecurity measures.
[1] https://www.reuters.com/world/europe/russias-aeroflot-says-it-suffered-cyber-attack-2021-07-30/ [2] https://www.theguardian.com/world/2025/jul/30/russias-aeroflot-hit-by-cyberattack-as-hackers-claim-responsibility [3] https://www.bbc.co.uk/news/world-europe-58326026
- Amidst growing concerns over cybersecurity, the escalating number of pro-Ukrainian cyberattacks targeting Russian critical infrastructure, such as the recent attack on Aeroflot's employment policies and cybersecurity systems, poses a significant threat to large companies.
- As technology advances, so does the sophistication of cyberattacks. In the aftermath of the coordinated cyberattack on Aeroflot, there is an overwhelming need for employment policies and security measures to be updated and strengthened to protect against these digital wars-and-conflicts.
- With general-news outlets reporting on the ongoing struggles between Russia and Ukraine, there is a clear political motivation in the cyberattacks against entities like Aeroflot, highlighting the danger of crime-and-justice issues being exploited in the realm of cyber warfare.
