Pro-Ukrainian hackers claim responsibility
Russia’s flagship airline, Aeroflot, cancelled over 50 flights on June 28, 2025, following what authorities have confirmed was a cyberattack, allegedly carried out by a pro-Ukrainian hacking group. The disruption hit Moscow’s Sheremetyevo airport during one of the busiest travel periods of the year.
The Kremlin has described the incident as “worrying,” with prosecutors opening a criminal investigation into the breach. Aeroflot acknowledged a failure in its information systems but has not provided further details about the cause or timeline for restoring normal operations.
Flight information displays at Sheremetyevo airport showed widespread cancellations, while passengers posted images online of long queues and confusion.
A group calling itself Silent Crow has claimed responsibility for the attack in a statement circulating online.
The group said it had worked in coordination with Belarusian hackers from Cyberpartisans BY and tied the operation to ongoing opposition to Russia’s war in Ukraine. The statement included political slogans but no independently verifiable evidence.
The hackers allegedly conducted a year-long infiltration of Aeroflot’s IT systems, reportedly turning off 7,000 servers and gaining access to the computers of employees, including those of senior managers. They also threatened to leak personal data of all passengers who have flown with the airline.
No such data breach has been confirmed by Russian authorities or the airline.
Silent Crow
Silent Crow has previously claimed responsibility for several other cyberattacks targeting Russian state-linked entities. These include hits on telecoms infrastructure, insurance firms, and government offices. While some incidents led to data leaks, independent verification of the group’s full capabilities remains limited.
Most of the affected Aeroflot flights were domestic, though international services to Yerevan and Minsk were also cancelled or delayed. The airline stated that at least 10 additional flights experienced significant delays due to IT system failures across key departments. Technicians were still working to stabilise systems and prevent further operational impact.
The Kremlin warned that the cyber threat remains serious, particularly for companies providing large-scale public services. Spokesperson Dmitry Peskov said the government would seek further information from Aeroflot and security agencies. Neither the Russian transport ministry nor Russia’s aviation regulator responded to immediate media requests.
Travellers vented their frustration on the Russian social media platform VK, criticising the airline for poor communication and a lack of updates. Some passengers reported waiting for hours with little information about rebooking or compensation. Others said call centres were overwhelmed, and mobile applications were down.
This latest breach underscores the growing vulnerability of aviation infrastructure amid the conflict in Ukraine, which has been increasingly extending into cyberspace.
Russia’s civil aviation sector has experienced regular disruptions since the conflict began in February 2022, though most have been caused by drone activity or airspace closures. A cyberattack of this scale marks an escalation in the type of threat facing state-linked firms.
The impact of the disruption extends beyond Russia. Aeroflot maintains air connections to several destinations in the Middle East, including Dubai, Abu Dhabi, and Cairo. While those flights were not directly affected, regional airports and airlines have increased their vigilance amid concerns that similar cyber threats may spread beyond Russian borders.
Aeroflot has yet to confirm if any customer data was compromised. Authorities have not released findings from the investigation. The airline continues to operate a reduced schedule while working to bring its systems back online.
Cybersecurity partnership
This June, Aeroflot signed a cybersecurity partnership with digital risk firm BI.Zone as part of its efforts to protect its IT infrastructure, following a string of high-profile cyberattacks targeting Russian companies.
The agreement was signed during the St. Petersburg International Economic Forum on June 19 amid growing concerns over the use of AI in cyber warfare.
Under the deal, Aeroflot and BI.Zone now collaborate on threat intelligence, develop AI-based security tools, and work to reduce the risk of data leaks and fraud.
Senior executives from both firms signed the agreement, including Aeroflot’s Deputy CEO for Information Technology and BI.Zone’s CEO, Dmitry Samartsev. Representatives from Sberbank, a key stakeholder in BI.Zone, also attended.
Image: The hackers allegedly conducted a year-long infiltration of Aeroflot’s IT systems, Credit: Ramboldheiner









