A cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled Aeroflot’s systems, canceling over 100 flights.
On July 28, 2025, a cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled the systems of Russian state-owned carrier Aeroflot. Over 100 flights were cancelled following the attack, which also caused delays.
The attack paralyzed the carrier’s IT systems and the company website was unreachable.
Aeroflot warned of IT issues on Monday, later confirmed as a cyberattack by Russia’s Prosecutor’s Office. A representative from the Russian Government called the incident “alarming.”
This is one of the most disruptive cyberattacks against a Russian critical infrastructure operator since Russia’s 2022 invasion, grounding flights, crowding airports, and affecting domestic and some international routes.
The attack also impacted the operations of Aeroflot’s subsidiaries, Rossiya and Pobeda, and disrupted some international flights to Armenia, Belarus, and Uzbekistan.
“We are helping Ukrainians in their fight with the occupier, carrying out a cyber strike on Aeroflot and paralysing the largest airline in Russia,” the Belarusian group Cyberpartisans wrote on its website.
Silent Crow announced the success of the attack on Telegram, claiming that a “prolonged and large-scale operation… completely destroyed” Aeroflot’s IT systems. The hacktivists also claimed the theft of sensitive information from the company and threatened to release “the personal data of all Russians who have ever flown Aeroflot”.
“The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip — albeit without luggage and to the same destination,” continues the group.
“Glory to Ukraine! Long live Belarus!”, the message states.
Silent Crow said the attack is the result of a year-long operation that used social engineering to infiltrate Aeroflot, exploiting human error rather than technical flaws. The hacktivists claimed year-long access to Aeroflot’s network, stealing customer data, internal files, call recordings, surveillance footage, and communications.
“All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic,” the Silent Crow group wrote on Telegram.
Targeting Russia’s flagship airline sent a clear message: no critical infrastructure is safe with outdated systems and weak defenses.
The Belarus Cyber-Partisans told the AP they aimed to “deliver a crushing blow” with the Aeroflot hack.
“This is a very large-scale attack and one of the most painful in terms of consequences,” Cyber-Partisans group coordinator Yuliana Shametavets said. She said that the group had been preparing the attack for several months, and was able to penetrate the Aeroflot network by exploiting various vulnerabilities.
The Belarus Cyber-Partisans is a hacktivist group that has been active since 2020. Formed in the wake of the disputed 2020 election and subsequent crackdown on protests, the Cyber-Partisans target Belarusian government institutions.
The Cyber-Partisans group has conducted numerous attacks on Belarusian state media over the past four years. In 2022, they targeted Belarusian Railways multiple times, seizing control of its traffic lights and control system. This action disrupted the transit of Russian military equipment into Ukraine via Belarus.
The Cyber-Partisans also claimed in April 2024 that they had breached Belarus’ main KGB security agency.
Pierluigi Paganini
(SecurityAffairs – hacking, Aeroflot)