A significant cyberattack has disrupted air travel across Russia after Aeroflot, the nation’s largest airline, was targeted on Monday. The incident resulted in the grounding of dozens of flights and triggered an ongoing criminal investigation.
While official details remain scarce, the attack has been attributed to the pro-Ukrainian hacker collective Silent Crow, reportedly working alongside Belarusian actors. The group claimed responsibility via Telegram, citing retaliation for Russia’s continued military actions in Ukraine.
According to the group’s statement, the attackers allegedly gained deep access to Aeroflot’s internal infrastructure, claiming to have extracted terabytes of company data and to have “permanently destroyed” key operational systems. Screenshots shared by the group purportedly show access to internal services such as user directories and file storage systems.
One of the most alarming claims is that the hackers now possess personal information on every Russian citizen who has ever flown with Aeroflot—a serious potential breach of sensitive data at national scale.
As of Monday, Aeroflot’s official website remained inaccessible, displaying a message that it had been “temporarily restricted.” Meanwhile, footage from Moscow’s Sheremetyevo International Airport showed departure boards flooded with cancellations.
Russian authorities have confirmed the cyberattack and acknowledged the cancellation of over 60 flights. Prosecutors announced that a criminal investigation is now underway to determine the scope and source of the breach.
This incident highlights the increasing cyber vulnerability of critical infrastructure, particularly in the transportation sector. As geopolitically motivated cyber warfare continues to escalate, it underscores the urgent need for resilient cybersecurity frameworks, proactive monitoring, and rapid incident response capabilities.