A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company’s computer systems on Monday, Russia’s prosecutor’s office said, forcing the airline to cancel more than 100 flights and delay others.
Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack.
It is one of the most disruptive cyberattacks to hit Russia since the start of the country’s full-scale invasion of Ukraine in February 2022. Previous attacks have targeted Russian government websites and other major Russian companies — noteably the state-owned Russian Railways — but normal services have resumed within hours.
Images shared on social media showed hundreds of delayed passengers crowding Moscow’s Sheremetyevo airport, where Aeroflot is based. The outage also disrupted flights operated by Aeroflot’s subsidiaries, Rossiya and Pobeda.
While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan.
In a statement released early Monday, Aeroflot warned passengers that the company’s information technology system was experiencing unspecified difficulties and that disruption could follow.
Russia’s Prosecutor’s Office later confirmed that a cyberattack had caused the outage and that it had opened a criminal investigation.
Kremlin spokesperson Dmitry Peskov called reports of the cyberattack “quite alarming,” adding that “the hacker threat is a threat that remains for all large companies providing services to the general public.”
Silent Crow claimed it had accessed Aeroflot’s corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the company’s own surveillance on employees and other intercepted communications.
“All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic,” the channel purporting to be the Silent Crow group wrote on Telegram. There was no way to independently verify its claims.
The same channel also shared screenshots that appeared to show Aeroflot’s internal IT systems, and insinuated that Silent Crow could begin sharing the data it had seized in the coming days.
“The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip — albeit without luggage and to the same destination,” it said.
The Belarus Cyber-Partisans told The Associated Press that they had hoped to “deliver a crushing blow.” The group has previously claimed responsibility for a number of cyberattacks, and said in April 2024 that they had been able to infiltrate the network of Belarus’ main KGB security agency.
“This is a very large-scale attack and one of the most painful in terms of consequences,” group coordinator Yuliana Shametavets said. She said that the group had been preparing the attack for several months, and were able to penetrate the Aeroflot network by exploiting various vulnerabilities.
Belarus is a close ally of Russia. Lukashenko, who has ruled Belarus with an iron hand for more than 30 years and has relied on Russian subsidies and support, allowed Russia to use his country’s territory to launch a full-scale invasion of Ukraine on Feb. 24, 2022, and to deploy some of Moscow’s tactical nuclear weapons in Belarus.
Russia’s airports have repeatedly faced mass delays over the summer as a result of Ukrainian drone attacks, with flights grounded amid safety concerns.
