Russia’s flagship carrier, Aeroflot, faced a widespread disruption on Monday morning as a catastrophic failure of its information technology systems forced the airline to cancel dozens of flights. The incident affected both domestic and international operations, leaving thousands of passengers stranded and triggering a criminal investigation.
We’re going down… And staying down
Aeroflot reported that at least 42 flights—most within Russia but including services to destinations such as Belarus, Armenia, Kazakhstan, and Uzbekistan—were initially canceled. As the outage continued, the number of cancellations and delays increased throughout the day. Passengers were instructed via official channels and airport displays to collect their luggage and leave terminals to alleviate congestion.
In an official statement, Aeroflot attributed the disruption to a critical failure of its IT infrastructure, warning that further service interruptions could occur as technical teams worked to restore systems. The airline offered refunds or free rescheduling within a 10-day window for those affected, though it cautioned that the process would be slowed by the ongoing technical issues.
If you hacked Aeroflot, raise your hand
Responsibility for the cyberattack was promptly claimed by “Silent Crow,” a pro-Ukrainian hacker collective, which stated that it had carried out the operation in collaboration with a Belarusian group known as “Cyberpartisans BY.” According to their statements on social media, the attackers claimed to have destroyed virtually the entirety of Aeroflot’s internal IT systems by compromising approximately 7,000 servers, accessing 20 to 22 terabytes of sensitive data, and gaining control over employee computers. The groups threatened to release the personal information of all Russian citizens who have ever flown with Aeroflot, explicitly citing retaliation for Russia’s continued military actions in Ukraine.
Okay, so, yeah, that “failure” we told you about… hackers caused it
Russian authorities swiftly confirmed the airline’s information systems failure was due to a cyberattack. The Prosecutor General’s office has launched a formal criminal investigation, and Kremlin officials described the scale and impact of the attack as “alarming.” While independent verification of all the hackers’ claims remains outstanding, Russian government statements and data from independent flight tracking services confirmed the depth of operational disruption suffered by Aeroflot.
This incident represents one of the most significant cyberattacks targeting Russian civil infrastructure since the escalation of hostilities in Ukraine. The attack both paralyzed Russia’s largest airline for hours and threatened the privacy of millions of passengers. Against a backdrop of intensifying cyber activities by both pro-Russian and pro-Ukrainian groups, the Aeroflot cyberattack highlights the escalating risks to critical national infrastructure in the ongoing conflict.
