Russia’s national airline Aeroflot was forced to cancel over 60 flights on Monday after falling victim to a significant cyberattack that disrupted its core digital systems. The incident, which unfolded early in the day, brought operations to a standstill at major airports across the country, including Moscow’s Sheremetyevo International Airport, leaving thousands of passengers stranded and many more confused.
Aeroflot’s official website became inaccessible shortly after the attack, displaying a message indicating that access had been “temporarily restricted.” Departure boards in Sheremetyevo showed rows of canceled flights, and footage shared from inside the terminal revealed long queues and anxious travelers scrambling for answers.
Hacker Group ‘Silent Crow’ Claims Attack
Responsibility for the cyberattack was quickly claimed by a pro-Ukrainian hacking group known as Silent Crow, which is known for targeting Russian institutions. In a Telegram post, the group said it had infiltrated Aeroflot’s digital infrastructure, gaining access to internal systems and large volumes of sensitive company data. According to the hackers, several systems were deliberately sabotaged as part of their campaign against Russia’s war in Ukraine.
They also posted screenshots that appeared to show internal directories and shared files from Aeroflot’s network. The group alleged that it now holds personal data of all individuals who have ever flown with the airline—a claim that, if true, could expose the personal details of millions of Russian citizens.
The post added that Belarusian hackers collaborated in the operation, making this a joint effort between groups opposed to Russia’s ongoing military aggression.
Russian Authorities Confirm Attack, Launch Investigation
Russia’s Prosecutor General’s Office later confirmed the cyberattack and acknowledged the scope of the disruption. Officials reported that more than 60 flights had been canceled and confirmed that a criminal investigation had been initiated. No further details were provided about the nature of the breach or the specific vulnerabilities exploited by the attackers.
As of Monday evening, there had been no official statement from Aeroflot or the country’s cybersecurity agencies, including the Federal Security Service (FSB). Passengers and airline employees remain largely in the dark regarding the extent of the damage and when full operations might resume.
Passengers Face Chaos and Uncertainty
Travelers arriving at Russian airports were met with confusion and frustration. With Aeroflot’s digital systems down, customer service teams were unable to rebook flights, issue boarding passes, or provide accurate updates.
Visuals from Sheremetyevo Airport showed chaotic scenes—crowded terminals, blank information screens, and long lines of passengers trying to get answers. Many reported being unable to reach Aeroflot’s call centers or use the airline’s mobile app, further compounding the problem.
The airline’s silence on social media and other platforms has fueled criticism over its crisis communication strategy.
Data Security Fears Intensify
The hackers’ claims that they had accessed and destroyed critical IT infrastructure—and obtained personal data of all Aeroflot passengers—have sparked widespread concern. If accurate, this breach would be one of the largest data exposures in Russia’s civil aviation history.
Cybersecurity professionals say the screenshots shared by the attackers, which appear to show access to internal networks and employee directories, indicate that the hackers likely had deep, sustained access to Aeroflot’s systems. Such access could allow for data theft, long-term sabotage, or the planting of backdoors for future attacks.
The extent to which passenger data was compromised remains unclear. However, cybersecurity experts warn that the loss or exposure of such information could lead to serious consequences, including identity theft or targeted phishing campaigns.
Attack Adds to Growing Pattern of Digital Warfare
This latest breach is part of an escalating series of cyberattacks aimed at Russian institutions since the start of the full-scale war in Ukraine. Pro-Ukraine hacktivist groups have previously targeted Russian state media, railways, banks, and now—its flagship airline.
Silent Crow has been linked to several of these operations and appears to be working in coordination with other hacker groups based in Eastern Europe. Their stated goal is to disrupt the internal stability of Russia by exposing weaknesses in its digital infrastructure.
Observers note that Monday’s attack on Aeroflot marks one of the most high-profile disruptions of Russian civil services in recent months, signaling a shift toward more impactful and symbolic targets.
Aeroflot’s Strategic Role Makes It a Prime Target
Founded in 1923, Aeroflot is more than just an airline in Russia—it’s a national symbol and a key player in the country’s transportation and logistics infrastructure. It also maintains close ties with the Russian government, providing services for official state travel and military logistics.
Its central role in the country’s aviation sector may have made it an attractive target for politically motivated cyber groups. While there is no indication that military operations were affected by the breach, the symbolic damage is significant, especially as Russia attempts to project normalcy amid ongoing international tensions.
With its website still offline and internal systems reportedly damaged, Aeroflot now faces a long and complex recovery process. Experts suggest that restoring full service could take weeks, especially if backup systems were also compromised or if sensitive data must be rebuilt from scratch.
Meanwhile, the company may also face legal challenges if passenger data was indeed leaked, as well as reputational damage both domestically and abroad. Russia’s aviation sector, already under pressure from sanctions and reduced international traffic, could be further weakened by the lingering effects of this attack.
