Russia’s national flag carrier, Aeroflot, was plunged into chaos on Monday after a severe cyberattack forced the cancellation of more than 50 round-trip flights, disrupting travel for thousands across the country. The incident, which sent the airline’s stock tumbling by 3.9%, was quickly claimed by two pro-Ukraine “hacktivist” groups. The significant breach prompted an immediate and worried response from the Kremlin, which confirmed the event was a hack and has opened a criminal investigation into the matter.
The responsibility for the attack was claimed by a group known as Silent Crow, in partnership with the Belarusian Cyberpartisans, an organization that opposes Belarusian President Alexander Lukashenko. In statements, the groups framed the attack as an act of solidarity with Ukraine, declaring “Glory to Ukraine! Long live Belarus!” and stating their goal was to “paralyse the largest airline in Russia.” The hackers alleged that the disruption was the culmination of a year-long operation that gave them deep access to Aeroflot’s network, allowing them to destroy 7,000 servers and gain control of employee computers.
They further threatened to release the personal data of every person who has ever flown with the airline.
The Russian government has treated the breach with utmost seriousness, viewing it as an escalation in the ongoing conflict. Kremlin spokesman Dmitry Peskov called the situation “quite alarming,” while senior lawmakers framed it as a battle on the digital front. Anton Gorelkin, a member of parliament, stated, “We must not forget that the war against our country is being waged on all fronts, including the digital one.” His colleague, Anton Nemkin, pushed for an investigation that would identify not only the perpetrators but also those responsible for the “systemic failures in protection” that allowed the attack to succeed.
The real-world consequences were starkly visible at Moscow’s Sheremetyevo Airport, where departure boards glowed red with cancellations during a peak holiday travel season. While Aeroflot stated it planned to operate 206 of its 260 scheduled flights for the day, dozens more were delayed by hours. The airline announced that affected passengers would be eligible for refunds or could rebook their flights once systems were restored, and that it was attempting to place some travelers on other airlines.
This attack on Aeroflot highlights the growing role of cyber warfare in geopolitical conflicts.
Silent Crow has previously been linked to several other high-profile data breaches targeting Russian entities, including government departments and major corporations. Despite facing heavy Western sanctions, Aeroflot remains one of the world’s largest airlines by passenger volume, making it a high-value and symbolic target for groups seeking to inflict damage on the Russian state.
Reference:
