A major cyberattack struck Aeroflot, Russia's flag carrier, on Monday, July 28, 2025, causing significant disruption to its flight operations. The attack led to the cancellation of over 100 flights and impacted both domestic and international routes. The incident triggered long queues and stranded passengers at Moscow's Sheremetyevo Airport, Aeroflot's main hub, during the peak summer travel season.

Details of the Attack

Aeroflot initially attributed the disruption to a "technical failure" in its IT system. However, the Russian Prosecutor General's Office later confirmed that a cyberattack was the cause of the outage and launched a criminal investigation.

Responsibility for the cyberattack was claimed by a pro-Ukrainian hacker group known as Silent Crow, in collaboration with the Belarusian Cyber-Partisans. The Belarusian Cyber-Partisans oppose the rule of Belarusian President Alexander Lukashenko. In a statement, the groups said they had "completely compromised and destroyed" Aeroflot's IT infrastructure. They claimed to have stolen the airline's entire database of flight history, audio recordings of internal calls, and surveillance data, including information on staff monitoring systems. Silent Crow claimed they had maintained access to Aeroflot's corporate network for over a year, exploiting various vulnerabilities to deepen their foothold within the infrastructure.

The hackers asserted they had destroyed approximately 7,000 servers and stolen at least 20 terabytes of data. They also claimed to have gained control of computers belonging to senior managers at Aeroflot. The hackers hinted they would publish the personal data of all Russians who had flown with Aeroflot.

Impact and Consequences

The cyberattack had a wide-ranging impact on Aeroflot's operations:

• Flight Cancellations and Delays: Over 100 flights were canceled, primarily domestic routes, but also some international flights to Belarus, Armenia, and Uzbekistan. Some flights planned for later in the week were also canceled.
• Passenger Disruption: Hundreds of passengers were stranded at airports, particularly at Moscow's Sheremetyevo Airport. Aeroflot provided stranded travelers with free water, sandwiches, and food vouchers.
• System Outage: The attack caused a mass outage of Aeroflot's computer systems, paralyzing operations. According to one source, "all systems are down…they can't even refuel the planes".
• Financial Impact: Aeroflot's shares dropped nearly 4% following the attack. Cybersecurity analysts estimate that rebuilding Aeroflot's digital infrastructure could cost tens of millions of dollars.
• Reputational Damage: The attack damaged Aeroflot's reputation and raised concerns about the airline's cybersecurity preparedness.

Responses and Reactions

The cyberattack on Aeroflot has drawn strong reactions and responses:

• Russian Government: The Russian Prosecutor General's Office launched a criminal investigation into the incident. Kremlin spokesperson Dmitry Peskov called the reports of the cyberattack "quite alarming" and acknowledged the ongoing hacker threat to large companies. A senior lawmaker called for stronger cyber defenses and for those responsible for the security lapse to be brought to justice.
• Aeroflot: The airline stated it was working to restore normal operations as quickly as possible and promised to refund passengers or rebook their tickets once its systems were back online.
• International Community: Aviation regulators in the EU and the U.S. are reportedly reviewing data-sharing arrangements with Aeroflot and other Russian aviation entities.
• Cybersecurity Experts: Cybersecurity experts have warned that the Aeroflot breach may become a case study in state-aligned cyber warfare.

Broader Implications

The cyberattack on Aeroflot highlights the growing threat of cyberattacks in the aviation industry. Cyberattacks against airlines have risen significantly in recent years, with a 131% increase between 2022 and 2023. These attacks can have severe consequences, including:

• Revenue loss
• Passenger attrition
• Damage to brand reputation
• Operational disruptions
• Financial fraud
• Data breaches

The Aeroflot incident underscores the need for airlines and other aviation organizations to prioritize cybersecurity and implement robust measures to protect their systems and data. This includes comprehensive risk assessments, employee training, and advanced security technologies. The incident also highlights the importance of supply chain security, as vulnerabilities in third-party systems can have cascading effects on the entire aviation ecosystem.