In a major disruption to air travel across the Russian Federation, Aeroflot, the country’s national airline, was forced to cancel more than 50 round-trip flights on Monday after a large-scale cyberattack brought critical systems to a standstill. The breach, which triggered cascading delays and grounded flights at Russia’s busiest airports, has been claimed by two pro-Ukraine hacker groups.
The cyberattack, described by government officials as alarming and unprecedented in scale, severely impacted Aeroflot’s operations and signaled a rising threat of digital warfare amid the ongoing conflict between Russia and Ukraine.
Authorities have since opened a formal criminal investigation, while Aeroflot technicians continue working around the clock to restore full functionality to the airline’s systems.
Hackers Say Cyber Offensive Was a Coordinated Strike Against Russian Infrastructure
Two digital activist organizations—Silent Crow and Belarusian Cyberpartisans—took credit for the attack, stating that they worked together to execute a deeply invasive year-long cyber operation targeting Aeroflot’s IT infrastructure. In separate statements, the groups declared their intent to paralyze what they described as a symbol of Russia’s aggression and dictatorship.
Silent Crow claimed it destroyed as many as 7,000 servers and took control of personal computers belonging to Aeroflot employees, including top-level managers. Belarusian Cyberpartisans echoed the sentiment, stating their motive was to support Ukraine in its ongoing resistance against what they called “the occupier.”
“Glory to Ukraine! Long live Belarus!” read a statement attributed to Silent Crow, while the Belarusian Cyberpartisans declared on their website that they aimed to “liberate Belarus from dictatorship” and assist Ukrainian efforts by disrupting Russian state operations.
Although Ukraine did not release any official statement regarding the attack, the language used by the hackers made clear their alignment with Kyiv’s broader resistance to Moscow.
Disruption Hits Travelers During Peak Holiday Season
The timing of the cyber strike could not have been worse for Russian travelers. Many had planned vacations around this period, and the sudden grounding of flights caused chaos at major transportation hubs. Departure boards at Moscow’s Sheremetyevo International Airport were flooded with cancellation notices and long delays, with frustrated passengers crowding check-in counters in search of updates.
Aeroflot issued a public statement confirming that 54 round-trip flights had been canceled, while 206 other flights were expected to proceed out of the originally scheduled 260. However, delays were widespread, and real-time departure screens revealed that dozens of flights remained hours behind schedule.
“Specialists are currently working to minimise the impact on the flight schedule and to restore normal service operations,” the airline said in a statement.
Still, the attack had an immediate financial impact. Aeroflot’s share price dropped sharply during afternoon trading, declining by 3.9%, significantly more than the broader market’s 1.3% dip by 1533 GMT.
Government Admits Serious Security Flaws in Wake of Cyberattack
The Kremlin responded swiftly, acknowledging the seriousness of the cyber intrusion. Kremlin spokesman Dmitry Peskov called the information available in the public domain “quite alarming” and warned that all major service providers are now facing escalating digital threats.
“The hacker threat is a threat that remains for all large companies providing services to the population,” Peskov stated, stressing that the government views this incident as a national security issue.
Russian lawmakers echoed this concern. Senior parliamentary figure Anton Gorelkin described the cyberattack as part of a broader war against the Russian state. “We must not forget that the war against our country is being waged on all fronts, including the digital one,” he said. “And I do not rule out that the ‘hacktivists’ who claimed responsibility for the incident are in the service of unfriendly states.”
Another legislator, Anton Nemkin, criticized what he described as systemic lapses in cybersecurity at Aeroflot and urged investigators to uncover not just the identity of the hackers but also those who failed to secure the airline’s infrastructure adequately.
“This is a wake-up call for our digital security frameworks. We need to ensure that those responsible for negligence within our institutions are held accountable,” Nemkin insisted.
Digital Warfare Becomes a New Battleground in Russia-Ukraine Conflict
The cyberattack on Aeroflot represents one of the most high-profile digital assaults on Russian infrastructure since the conflict in Ukraine began. While cyberattacks have grown more frequent over the past two years, the scope and success of this operation suggest a new level of sophistication and coordination among anti-Russian hacking entities.
Silent Crow has previously claimed responsibility for attacks targeting a Russian real estate registry, a major telecoms provider, an insurance firm, the Moscow city government’s IT department, and even the Russian office of an international automobile manufacturer. Several of those attacks reportedly resulted in significant data breaches and operational setbacks.
With this latest offensive, the group appears to have struck directly at Russia’s national transport infrastructure, delivering a blow that rippled across the entire country and drew global attention.
Belarusian Cyberpartisans, meanwhile, have established themselves as digital insurgents against the Belarusian government, led by President Alexander Lukashenko. Their collaboration with Silent Crow indicates a growing network of loosely aligned digital activists committed to confronting authoritarian regimes through cyber means.
Aeroflot Faces Daunting Recovery and Heightened Security Demands
Although Aeroflot has not provided a clear timeline for full system restoration, the airline acknowledged that the damage was substantial. Recovering from the destruction of thousands of servers and securing employee devices believed to be compromised will require both immediate triage and long-term restructuring of cybersecurity protocols.
Industry experts estimate that restoring Aeroflot’s systems to full operational capacity could take several weeks or more, depending on the depth of infiltration and whether critical data has been backed up or permanently erased.
Furthermore, the breach raises serious concerns about the vulnerability of other Russian transport and service providers. If a national airline with extensive government ties can be so deeply compromised, questions arise about the safety of other state institutions and private corporations operating in vital sectors.
Growing Pressure on Russian Cyber Defense Capabilities
This event has further intensified debate within Russia about its cyber defense capabilities. While the country has often boasted of advanced digital warfare tools, this incident reveals glaring weaknesses in defending against sustained and targeted attacks.
Calls have grown louder for a national overhaul of cybersecurity frameworks, with lawmakers urging collaboration between state security agencies, private tech companies, and academic institutions to build more resilient systems. Observers also believe this incident could prompt greater government oversight of IT operations across the aviation, telecommunications, and transportation sectors.
In response, the Ministry of Digital Development may impose stricter compliance requirements on firms like Aeroflot, including mandatory penetration testing, increased employee training, and better incident response protocols.
Conclusion: A New Phase in Hybrid Warfare Emerges
The attack on Aeroflot not only disrupted travel for thousands of passengers but also served as a potent symbol of modern hybrid warfare, where digital infrastructure becomes just as critical—and vulnerable—as physical battlegrounds. As Russian officials grapple with the fallout, it is clear that cybersecurity has now become a frontline concern for both government and business leaders.
With pro-Ukraine hackers vowing to continue their cyber offensives, and Russian lawmakers pressing for a national reckoning on digital defense, the situation signals a new and dangerous chapter in the evolving conflict—one where the battles may no longer be fought solely with weapons, but with lines of code and networks under siege.
