Russia’s national flag carrier, Aeroflot, has been plunged into chaos following a severe cyberattack that forced the cancellation of over 100 flights on Monday and Tuesday, leaving thousands of passengers stranded and disrupting air travel across the region. The unprecedented incident, one of the most disruptive cyberattacks to hit Russian critical infrastructure since 2022, has prompted a criminal investigation by the Prosecutor General’s Office.
The cyberattack, which targeted Aeroflot’s computer systems, led to a mass outage across the airline’s operations. While Aeroflot initially cited unspecified “difficulties” with its information technology system, pro-Ukrainian hacking group Silent Crow, in collaboration with Belarusian hacktivist group Cyber-Partisans, quickly claimed responsibility. The groups asserted they had been inside Aeroflot’s corporate network for a year, allegedly compromising over 7,000 servers, accessing confidential documents, and extracting sensitive customer and operational data. They further claimed to have destroyed core IT infrastructure, potentially costing Aeroflot tens of millions of dollars to restore.
Images circulating on social media showed scenes of disarray at Moscow’s Sheremetyevo Airport, Aeroflot’s main hub, with hundreds of delayed passengers crowding terminals as departure boards displayed widespread cancellations. The disruption also impacted flights operated by Aeroflot’s subsidiaries, Rossiya and Pobeda. While most affected flights were domestic, some international routes to Belarus, Armenia, and Uzbekistan were also canceled.
Kremlin spokesman Dmitry Peskov described the situation as “quite alarming,” emphasizing the ongoing threat of cyberattacks to all large companies providing public services. Senior lawmaker Anton Gorelkin called the incident a “wake-up call” for Moscow, urging a reinforcement of the country’s cyber defenses.
Aeroflot has stated that specialists are working tirelessly to minimize the impact and restore normal service operations, with efforts being made to rebook affected passengers or offer refunds. However, recovery could be protracted, with some experts quoted in Russian media suggesting that full restoration of Aeroflot’s IT systems might take up to a year. This incident underscores the increasing vulnerability of critical infrastructure to sophisticated cyber threats, especially in the context of heightened geopolitical tensions.
