Russian airline Aeroflot faced a disruption today (July 28) after cancelling dozens of flights due to what it described as a failure in its information systems. Adding to the concern, a hacking collective known as Silent Crow claimed responsibility for the Aeroflot cyberattack, alleging a yearlong infiltration that severely damaged the airline’s IT infrastructure.
The national carrier is yet to share the specifics of the incident, offering no detailed explanation of the failure or how long the restoration efforts might take. However, the group Silent Crow released a statement asserting that they had carried out the operation in partnership with a Belarusian hacking collective called Cyberpartisans BY.
Decoding the Aeroflot Cyberattack
The Aeroflot cyberattack was linked to ongoing geopolitical tensions, with the hackers expressing solidarity with Ukraine and the democratic opposition in Belarus. Their statement included the rallying cry: “Glory to Ukraine! Long live Belarus!”, reported Turkish newspaper Daily Sabah.
According to Aeroflot, the IT failure forced the cancellation of over 40 flights. These disruptions affected routes across Russia, as well as international flights to Minsk in Belarus and Yerevan in Armenia. Passengers at Moscow’s Sheremetyevo airport, the airline’s main hub, faced confusion and frustration as chaos unfolded. Local news outlets reported long lines and congestion as travelers queued to exit the airport and retrieve their checked luggage following cancellations.
In a message on Telegram, Aeroflot urged passengers impacted by the cancellations to collect their belongings and leave the airport premises. The airline also confirmed that specialists were actively working to minimize the impact on schedules and restore normal operations as soon as possible.
Details of the Cyberattack and Data Security Concerns
Silent Crow’s statement denoted that they have deeply penetrated Aeroflot’s corporate network, destroyed approximately 7,000 servers, and taken control of employees’ personal computers, including those of senior management. While no direct evidence was provided to back these assertions, the hackers warned they would soon begin releasing “the personal data of all Russians who have ever flown Aeroflot.”
Despite the challenges posed by international sanctions linked to the war in Ukraine, Aeroflot remains one of the top 20 airlines worldwide by passenger volume. According to the airline’s official website, the Aeroflot Group served 55.3 million passengers in 2024, underscoring its continued significance in global aviation.
The hacking group Silent Crow described their operation in detail: “Together with our colleagues from Cyber Partisans BY, we declare the successful completion of a prolonged and large-scale operation, as a result of which the internal IT infrastructure of Aeroflot Russian Airlines was completely compromised and destroyed.
For a year, we were inside their corporate network, methodically developing access, going deeper to the very core of the infrastructure.” Their message reiterated support for Ukraine and the Belarusian opposition, positioning the attack as part of a broader resistance effort against Russian influence, reported the Daily Express US.
Conclusion
The Aeroflot cyberattack disrupted operations at Sheremetyevo airport, with flight cancellations increasing beyond the initial 40 and more schedule changes expected in the coming days. Passengers faced confusion and frustration as uncertainty grew, while attempts by media outlets like The Cyber Express to get official comments from Aeroflot have so far gone unanswered.
This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the attack or any statements from the company.
