Devastating Cyberattack on Aeroflot by Pro-Ukraine Hacktivists Causes Mass Flight Cancellations

TL;DR

Pro-Ukraine hacktivist groups Silent Crow and Belarusian Cyber-Partisans claimed responsibility for a major cyberattack on Russian airline Aeroflot, resulting in the cancellation of over 100 flights and significant operational disruptions. The attack, which paralyzed Aeroflot’s IT systems, is one of the most disruptive cyber incidents targeting Russian critical infrastructure since the 2022 invasion.

Main Content

Massive Cyberattack Disrupts Aeroflot Operations

On July 28, 2025, a cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled the systems of Russian state-owned carrier Aeroflot. The attack led to the cancellation of over 100 flights and caused widespread delays. The carrier’s IT systems were paralyzed, and the company website became unreachable.

Attack Details and Impact

Aeroflot warned of IT issues on Monday, which were later confirmed as a cyberattack by Russia’s Prosecutor’s Office. A representative from the Russian Government described the incident as “alarming” ¹.

BREAKING: Hackers claim they’ve breached the systems of Russian airline giant Aeroflot

The groups Silent Crow and Belarusian Cyber-Partisans say they have completely destroyed the company’s IT infrastructure

According to them, the operation lasted a year and ended in a… pic.twitter.com/Dj92PDY746

— NEXTA (@nexta_tv) July 28, 2025

This attack is one of the most disruptive cyber incidents targeting a Russian critical infrastructure operator since Russia’s 2022 invasion of Ukraine. The disruption grounded flights, crowded airports, and affected both domestic and some international routes.

Extent of the Attack

The attack also impacted the operations of Aeroflot’s subsidiaries, Rossiya and Pobeda. Additionally, some international flights to Armenia, Belarus, and Uzbekistan were disrupted.

Russia: Cyber attack destroyed 7,000 servers at Kremlin-owned airline Aeroflot. All operations have come to a standstill.
12TB of databases, 8TB of Windows Share files, and 2TB of corporate mail taken.
Up to 200,000 passengers flew daily on Aeroflot during the summer. pic.twitter.com/tqPqdUDqNg

— Igor Sushko (@igorsushko) July 28, 2025

Hacktivist Groups’ Statements

The Belarusian Cyber-Partisans stated on their website:

“We are helping Ukrainians in their fight with the occupier, carrying out a cyber strike on Aeroflot and paralysing the largest airline in Russia.” ²

Silent Crow announced the success of the attack on Telegram:

“prolonged and large-scale operation… completely destroyed” Aeroflot’s IT systems. The hacktivists also claimed the theft of sensitive information from the company and threatened to release “the personal data of all Russians who have ever flown Aeroflot” ³.

Attack Methodology

Silent Crow revealed that the attack was the result of a year-long operation using social engineering to infiltrate Aeroflot. The hacktivists claimed year-long access to Aeroflot’s network, stealing customer data, internal files, call recordings, surveillance footage, and communications.

“All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic,” the Silent Crow group wrote on Telegram ⁴.

Strategic Implications

Targeting Russia’s flagship airline sent a clear message: no critical infrastructure is safe with outdated systems and weak defenses.

The Belarus Cyber-Partisans told the AP they aimed to “deliver a crushing blow” with the Aeroflot hack.

“This is a very large-scale attack and one of the most painful in terms of consequences,” Cyber-Partisans group coordinator Yuliana Shametavets said. She mentioned that the group had been preparing the attack for several months, exploiting various vulnerabilities ⁵.

MOST MASSIVE CYBERATTACK on @aeroflot!
Operation #AFLocolypse destroyed over 7 thousand servers and workstations in the offices of @svo_airport , Melkisarovo and the corresponding data centers pic.twitter.com/6GbBIJjOYI

— Belarusian Cyber-Partisans (@cpartisans) July 28, 2025

Background on Belarus Cyber-Partisans

The Belarus Cyber-Partisans is a hacktivist group active since 2020. Formed after the disputed 2020 election and subsequent crackdown on protests, the group targets Belarusian government institutions. Over the past four years, they have conducted numerous attacks on Belarusian state media and targeted Belarusian Railways multiple times, disrupting the transit of Russian military equipment into Ukraine via Belarus.

In April 2024, the group claimed to have breached Belarus’ main KGB security agency ⁶.

Conclusion

The cyberattack on Aeroflot by pro-Ukraine hacktivist groups Silent Crow and Belarusian Cyber-Partisans highlights the vulnerabilities in critical infrastructure and the growing threat of cyber warfare. As tensions continue, the importance of robust cybersecurity measures becomes increasingly evident.

Additional Resources

For further insights, check:

• Security Affairs
• Belarus Cyber-Partisans

References

1. Russia’s Prosecutor’s Office (July 28, 2025). “Cyberattack on Aeroflot Confirmed”. Security Affairs. Retrieved July 29, 2025. ↩︎

2. Belarusian Cyber-Partisans (July 28, 2025). “Cyber Strike on Aeroflot”. Belarus Cyber-Partisans. Retrieved July 29, 2025. ↩︎

3. Silent Crow (July 28, 2025). “Aeroflot Cyberattack Announcement”. Telegram. Retrieved July 29, 2025. ↩︎

4. Silent Crow (July 28, 2025). “Strategic Damage to Aeroflot”. AP News. Retrieved July 29, 2025. ↩︎

5. Yuliana Shametavets (July 28, 2025). “Preparation for Aeroflot Attack”. Security Affairs. Retrieved July 29, 2025. ↩︎

6. Belarus Cyber-Partisans (April 2024). “Breach of Belarus KGB”. Security Affairs. Retrieved July 29, 2025. ↩︎