Aeroflot, Russia's national airline, has canceled additional flights following a cyberattack, yet the airline claims that their schedule has become stable once more.

Aeroflot, Russia's national airline, has canceled additional flights following a cyberattack, yet the airline claims that their schedule has become stable once more.

Aeroflot, Russia's flagship airline, faced a major disruption on July 28, 2025, when its IT infrastructure was infiltrated by hackers from Ukrainian and Belarusian groups Silent Crow and Cyber Partisans. This cyberattack resulted in the cancellation of over 100 flights and caused significant delays, resulting in an estimated loss of $2.9 million[1][3][5].

The hackers claimed to have had access to critical server and virtualization resources for over a year, exfiltrating databases including flight history, employee workstations, phone call recordings, and personnel monitoring systems. They also destroyed access to cripple operations[2].

The attack appears to be politically motivated rather than financially driven, as no ransom was demanded, and stolen data was published publicly to cause strategic disruption to Aeroflot[1][2]. Initially, Aeroflot's flight operations were significantly affected, but they have since largely resumed normal service following recovery efforts.

Aeroflot reported stabilizing its schedule by July 29, operating roughly 80% of its flights on July 28 and expecting to complete 93% on July 29, with cancellations reduced to 53 flights that morning and the schedule mostly restored by Tuesday afternoon[1].

The Belarusian Cyber Partisans, a long-established group that opposes President Alexander Lukashenko, claimed responsibility for the cyberattack. A more shadowy hacking outfit called Silent Crow also claimed responsibility[6]. It is not specified whether Silent Crow has any known history or affiliations[7].

The hacking groups gained control over the personal computers of Aeroflot's staff, including senior managers. They also claimed to have extracted data on passengers and employees[2]. The cyberattack has drawn anger from affected passengers due to heavy delays across Russia, the world's biggest country[4].

Russian investigators are urged to focus not only on the perpetrators but also on those who allowed the attack to happen[8]. The schedule for the rest of the day on Tuesday appeared largely unaffected by the cyberattack, beyond the initial selective cancellations[9].

The Belarusian Cyber Partisans has been active for several years, and this is not the first time they have targeted Russian entities. The group is known for its opposition to President Lukashenko and has previously claimed responsibility for cyberattacks on Belarusian government websites[10].

References:

1. BBC News
2. Reuters
3. The Guardian
4. CNN
5. ZDNet
6. Kaspersky
7. CyberScoop
8. RT
9. The Moscow Times
10. BBC News
11. The cyberattack on Aeroflot's IT infrastructure, carried out by the Ukrainian and Belarusian groups Silent Crow and Cyber Partisans, was a significant disruption in the aerospace industry, impacting finance as the airline incurred an estimated loss of $2.9 million.
12. The politically motivated attack on Aeroflat's IT systems also targeted critical server and virtualization resources, compromising databases related to technology, including flight history, employee workstations, phone call recordings, and personnel monitoring systems.
13. The cyberattack on Aeroflot has not only drawn attention from the general news and cybersecurity sectors but also from the political world, as it was carried out by the Belarusian Cyber Partisans, an organization known for opposing President Alexander Lukashenko, and Silent Crow, a less-known hacking outfit.

Read also: