Russian flag carrier Aeroflot cancelled dozens of flights on Tuesday following a severe cyberattack that disrupted its operations, though the airline said it had now stabilised its flight schedule. The Russian transport ministry also confirmed that the situation had been brought under control.
Two pro-Ukrainian hacker groups — Belarusian Cyber Partisans and a newer collective known as Silent Crow — claimed responsibility for the breach. They alleged they had infiltrated Aeroflot’s systems over the course of a year, compromising 7,000 servers, obtaining sensitive data on employees and passengers, and taking control of computers belonging to senior management.
The fallout was evident at Moscow’s Sheremetyevo Airport, Aeroflot’s main hub, where around 25 outbound flights were cancelled overnight and through Tuesday morning. Additionally, Interfax reported that 31 inbound flights to Moscow were scrapped. Although most afternoon and evening flights were scheduled to depart, numerous delays persisted.
Aeroflot said its flight operations had been “stabilised,” and the transport ministry praised the airline and airport staff for resolving the crisis “in the shortest possible time.” While the ministry referred to the disruption as a failure of IT infrastructure, prosecutors have launched an investigation under the assumption that it was a cyberattack.
In a statement to Reuters, Yuliana Shemetovets, spokesperson for the Cyber Partisans, claimed that Aeroflot was operating on manual systems in an attempt to maintain business continuity. She alleged the airline was using outdated software and lax security protocols, including saving passwords in unsecured Word documents and failing to change login credentials for senior staff since 2022. These claims have not been independently verified, and Aeroflot has not commented publicly on the accusations.
Despite the chaos, Aeroflot’s shares rebounded on Tuesday, gaining 1.36% after plunging to a low not seen since late 2024 in the immediate aftermath of the attack.
The incident has triggered alarm among Russian lawmakers and cybersecurity experts. Mikhail Klimarev, director of the Internet Protection Society, criticised the country’s digital defenses and said the breach exposed serious vulnerabilities. “It’s a wake-up call,” he warned, noting that the hackers could, in theory, manipulate data to cause catastrophic failures, including the risk of planes crashing.
Klimarev also pointed to the effect of Western sanctions, which have isolated Russian companies from global cybersecurity best practices. “It’s like with viruses,” he said. “If you don’t communicate with people who have the flu, you have no immunity.”
Authorities are now expected to investigate not only the attackers but also the systemic failures that enabled the breach.
