A significant cyberattack targeting the Russian airline Aeroflot has resulted in mass flight disruptions and a public dispute over a potential data breach. The Belarusian hacker group Cyber Partisans claimed responsibility for the incident, which forced the airline to cancel or delay over 100 flights, affecting approximately 20,000 passengers. In response to the crisis, Russia’s internet regulatory body, Roskomnadzor, issued a statement denying that any of the airline’s data had been compromised, directly contradicting the hackers’ claims.
To counter the official denial, Cyber Partisans released a sample of the data they allegedly stole, posting what they claim are the travel records of Aeroflot CEO Sergei Aleksandrovsky on Telegram. The leaked information detailed over 30 flights taken between April 2024 and June 2025. Adding credibility to the hackers’ claims, the investigative outlet The Insider reported that a passport number found within the leaked files matched one previously linked to Aleksandrovsky in other data breaches. The group has promised that more data will be released soon.
The immediate operational and financial fallout for Aeroflot has been substantial. The disruption on Monday alone impacted nearly half of the airline’s daily operations. According to estimates from Forbes Russia, the combination of operational disruption, potential data loss, and damage to its reputation could cost the airline as much as $50 million. While Aeroflot announced that its services were restored and operating normally by Thursday, cybersecurity experts have cautioned that a full recovery of its IT infrastructure could take significantly longer.
The incident has also raised serious questions about Aeroflot’s cybersecurity posture. The Cyber Partisans asserted that they gained access to the airline’s systems due to vulnerabilities like weak employee passwords and the use of outdated Windows operating systems, although these claims have not been independently verified. Russian cybersecurity analyst Oleg Shakorov noted that the airline could face legal scrutiny and potential penalties if an official investigation concludes that its security measures were inadequate to protect its systems and data.
The attack on Aeroflot is not an isolated event but part of a much broader wave of cyber disruptions affecting Russia. In the same week, two of the country’s largest pharmacy chains were hit, leading to the shutdown of hundreds of locations. Numerous other companies, including grocery stores, delivery platforms, and even the state postal service, have also reported outages, often attributing them to unspecified “technical failures,” suggesting a widespread and coordinated campaign against Russian infrastructure.
Reference:
