A significant cyberattack attributed to pro-Ukrainian hacktivist groups forced Russia’s largest airline, Aeroflot, to cancel over 50 flights and delay at least 10 more on Monday, disrupting travel at one of the busiest times of the year.
The disruption, which impacted domestic and international routes including Minsk and Yerevan, was caused by a failure in Aeroflot’s internal information systems. While the airline did not initially disclose the origin of the incident, Russian prosecutors later confirmed it was the result of a cyberattack and launched a criminal investigation.
Hacktivist Group Claims Responsibility
The hacktivist collective Silent Crow, in coordination with the Belarusian group Cyber Partisans, claimed responsibility for the breach in a Telegram post, framing it as retaliation for Russia’s ongoing invasion of Ukraine. The message described the attack as part of a year-long campaign and claimed that the groups had infiltrated Aeroflot’s infrastructure, destroyed over 7,000 servers, and gained access to the personal workstations of senior staff.
While no concrete proof has been released to verify these claims, the group threatened to leak sensitive personal data of all Russian passengers who have ever flown with Aeroflot.
Aeroflot and Government Response
Aeroflot stated that cybersecurity teams were working to contain the disruption and restore normal operations as quickly as possible. Affected passengers were offered refunds or rebooking options within 10 days. The airline’s digital services — website, mobile app, and call center — were temporarily inaccessible, adding to public frustration.
The Kremlin called the situation “alarming” and acknowledged the broader risks posed by cyber threats to national infrastructure. “Cybersecurity remains a critical challenge for all major service providers,” said Kremlin spokesperson Dmitry Peskov.
Politically Motivated Disruption, Not Ransomware
Cybersecurity experts, including Rafe Pilling from Sophos, suggest that this was not a financially motivated ransomware attack. Rather, it appears to be a deliberate attempt to disrupt operations and attract global attention to the political cause behind it. The nature of the attack and the lack of ransom demands support this theory.
Broader Context of Cyber Warfare
Since the beginning of Russia’s invasion of Ukraine in 2022, cyber operations have become a parallel battlefield. Ukraine’s “IT Army,” composed of volunteers and professionals, has coordinated digital countermeasures targeting Russian infrastructure, and the recent Aeroflot breach may be a reflection of that continued digital warfare.
Implications for Critical Infrastructure Security
The Aeroflot incident reinforces the urgent need for resilient cybersecurity frameworks, especially for critical infrastructure providers. Attacks that aim to disrupt—not just monetize—pose unique challenges, as they target availability and public trust rather than data theft alone.
As threats evolve, organizations in the transportation, telecom, and logistics sectors must enhance endpoint security, system segmentation, identity protection, and real-time monitoring to minimize impact and recover quickly from similar incidents.