Air Serbia, the national carrier of Serbia, is currently battling the aftermath of a significant cyberattack that has disrupted internal systems and delayed the issuance of employee payslips. Aviation industry sources confirmed that the airline alerted staff earlier this month about growing cybersecurity concerns, which culminated in a temporary halt to the distribution of payroll documents for June 2025.
The issue first came to light when staff were notified on July 4 that the airline was experiencing active cyber intrusions. In internal communications, management warned employees that core business processes may be affected and urged caution when interacting with digital communications, particularly unsolicited emails or messages containing payslip attachments. By July 10, the airline issued an official internal memo confirming that payslip distribution was suspended as a precaution while IT teams worked to assess and contain the breach.
While June salaries were reportedly paid on schedule, employees were unable to access their individual payroll documents. In the notice, the Human Resources department emphasized that the airline prioritized reopening access only once systems were verified as secure. Payslips, the company stated, would be emailed directly to employees once it was safe to do so.
To mitigate further risk, the company’s IT department implemented several strict security measures, including mandatory password resets, restricted internet access to internal portals, and enhanced scanning for potential threats. Employees were urged not to open any suspicious emails and to report unusual digital activity.
Insiders familiar with the matter indicated that the attack may have involved a compromise of Air Serbia’s Active Directory, the system that manages user identities and access to internal resources. This suggests the breach may have extended well beyond surface disruptions, potentially involving unauthorized access to sensitive systems. Due to a reported lack of logging data, determining the full extent and timeline of the attack has proven difficult for investigators.
Although Air Serbia has not publicly disclosed whether customer or employee data was compromised, concerns remain within the organization. The airline had experienced distributed denial-of-service (DDoS) attacks earlier this year, but sources say the current incident represents a much deeper and more coordinated threat, affecting both IT infrastructure and internal communications.
