Cyberattack on Aeroflot causing mass flight disruptions, Russia says

Russian authorities confirmed on Monday that Aeroflot, the country’s largest airline and national carrier, has been hit with a cyberattack causing widespread flight delays and cancellations.

Aeroflot said a “technical failure” was to blame for the disruption, which began Monday morning and has forced the airline to cancel more than 50 flights, including on popular domestic routes such as Moscow, St. Petersburg and Sochi. Some flights planned for later in the week were also canceled.

The company said it is working to restore normal operations and promised to refund passengers or rebook their tickets once its systems are back online. Aeroflot’s shares dropped nearly 4% on Monday. The disruptions also hit the company’s subsidiaries, Rossiya and Pobeda.

Local media shared photos and videos from Russian airports showing long lines of passengers and flight boards filled with delays, especially on domestic routes. At Moscow’s Sheremetyevo Airport, Aeroflot’s main hub, passengers whose flights were canceled were asked to leave the terminal to reduce crowding. Airport staff handed out free water, sandwiches, and food vouchers to stranded travelers.

Pro-Ukrainian hacker group Silent Crow, along with the Belarusian Cyber-Partisans, claimed responsibility for the attack. Both groups are known for previous cyber operations against critical infrastructure in Russia and Belarus.

In a statement posted on Telegram, the hackers claimed to have completely compromised and destroyed Aeroflot’s IT infrastructure. They said they had stolen the airline’s entire database of flight history, audio recordings of internal calls and surveillance data, including information on staff monitoring systems.

Silent Crow said it had maintained access to Aeroflot’s corporate network for over a year, gradually deepening its foothold within the infrastructure. 

“Restoration will likely require tens of millions of dollars. The damage is strategic,” the group claimed.

While Silent Crow is a relatively unknown actor, it has been linked to several disruptive cyberattacks in Russia, including a breach of Rosreestr, the federal agency overseeing land and property registries, and an attack on a contractor of major telecom operator Rostelecom. Russian investigative journalists previously said that Silent Crow might just be a cover name for a better-known hacking group wishing to stay anonymous.

The Belarusian Cyber-Partisans have previously targeted Russian and Belarusian infrastructure, including in a cyberattack on the Belarusian Railway in 2022 that allegedly disrupted Russian arms shipments to Ukraine.

“We’re helping Ukrainians fight the occupiers by paralyzing Russia’s largest airline and inflicting massive financial damage,” the group said in a statement on Monday.

The Aeroflot hack is one of the few times Russian officials have publicly confirmed a cyberattack. Kremlin spokesperson Dmitry Peskov called the reports of the hack “concerning” and said the government was awaiting further clarification.

Russia’s prosecutors have opened a criminal case over the unauthorized access to Aeroflot’s systems, but prosecution is unlikely since the attackers haven’t been identified.

This is not the first time Russia’s aviation sector has been targeted by Ukraine-linked hackers. In 2023, Ukraine’s military intelligence agency (HUR) claimed responsibility for a cyberattack on Russia’s government’s civil aviation agency, Rosaviatsiya. A year earlier, the agency reportedly had to switch to pen and paper after a severe cyberattack shut down its network and allegedly erased 18 months of emails — possibly the result of a supply chain compromise.

In another incident earlier this year, HUR said it had breached the internal systems of Russia’s state-owned aircraft manufacturer Tupolev, shortly after Ukraine launched a series of drone strikes on Russian airbases.

Flight disruptions across Russia have also become increasingly frequent in recent weeks due to Ukrainian drone attacks, some of which have affected Aeroflot operations.