Who hacked Russia’s Aeroflot servers, grounding flights and causing mayhem - did a US-backed group sabotage the carrier?

Aeroflot cancels over 40 flights after massive cyberattack disrupts operations- Russia’s national airline, Aeroflot, faced major flight cancellations on Monday, July 28, 2025, after a sudden information systems failure crippled its internal operations. The disruption led to the cancellation of more than 40 domestic and regional flights, primarily from Moscow’s Sheremetyevo International Airport, leaving hundreds of travelers stranded amid the busy summer travel season.

According to reports, 42 to 49 flights were grounded, affecting destinations like Yekaterinburg, Kaliningrad, Grozny, Minsk, and Yerevan. Departure boards turned red as long queues formed, and passengers were advised to leave the airport due to system-wide shutdowns.

Pro-Ukraine hackers claim responsibility for shutdown

Shortly after the breakdown, pro-Ukrainian hacker group Silent Crow, in collaboration with Belarusian cyber-activists Cyber Partisans BY, claimed responsibility for the attack. They announced the operation as part of a broader digital offensive against Russian infrastructure in response to the ongoing conflict in Ukraine.


In a bold statement, the group claimed they had been inside Aeroflot’s internal network for over a year, during which they:

• Compromised more than 7,000 servers
  
  
• Gained access to confidential documents, including internal memos and flight records
  
  
• Extracted sensitive customer and operations data
  
  
• Destroyed core IT infrastructure to prevent recovery
  
  

These claims are still being independently investigated, but the scale of the alleged breach has raised serious concerns over Russia’s cybersecurity vulnerabilities.

Russian authorities confirm cyberattack and launch criminal investigation

The Russian Prosecutor General’s Office confirmed the Aeroflot system failure was caused by unauthorized access. In response, officials opened a criminal case under the charge of illegal access to computer information systems. The probe is being handled by Russia’s cybersecurity and intelligence agencies.

Kremlin spokesperson Dmitry Peskov addressed the media, describing the cyber breach as “deeply alarming” and warned that state-affiliated companies are increasingly becoming targets in cyberwarfare linked to geopolitical tensions.

Passengers left without refunds or assistance amid chaos

The system failure had a direct impact on Aeroflot’s customer service platforms, including ticketing, boarding, and refund processing. Many passengers were told that ticket counters could not process cancellations or rebookings.

Instead, travelers were instructed to:

• Leave Sheremetyevo Airport to avoid overcrowding
  
  
• Contact Aeroflot’s hotline or rebooking agents within the next 10 days
  
  
• Submit refund and rescheduling requests online or through their original purchase channels
  
  

This left hundreds of frustrated passengers, many with children and luggage, scrambling to adjust their travel plans without any on-site support—highlighting Aeroflot’s poor crisis management infrastructure.

Hacker group claims destruction of airline’s core systems

Silent Crow released a detailed explanation of the operation, alleging that they not only infiltrated but also destroyed Aeroflot’s entire server infrastructure, including its SAP management systems, staff scheduling, and communications platforms.

They also claimed the deletion of critical internal files and the encryption of backup systems, making data recovery nearly impossible. Screenshots shared by the hackers—though not yet authenticated—showed internal messages, flight manifests, and system logs as proof of the breach.

Cybersecurity analysts say this may be one of the most damaging cyberattacks on a commercial airline in recent years.

Broader cybersecurity implications amid Russia-Ukraine conflict

This attack is the latest in a growing list of cyber incidents targeting Russian digital infrastructure, often attributed to pro-Ukrainian digital resistance groups. Since the 2022 invasion of Ukraine, energy providers, rail services, government portals, and even banks in Russia have been targeted.

Experts warn that:

• Russia’s civil aviation sector is now an open target
  
  
• Hybrid warfare now includes digital attacks meant to destabilize civilian logistics
  
  
• International carriers may soon need to upgrade airline cybersecurity protocols
  
  

Cyberwarfare has become a new battlefield in the Russia-Ukraine conflict, with major ripple effects on public safety, economic systems, and global travel.

Aeroflot's ongoing crisis and uncertain recovery timeline

Aeroflot stated that technical specialists are working around the clock to restore operations but did not give a timeline for full recovery. Online services remained intermittently down as of late July 28.

There has been no formal acknowledgment of the hacker claims by the airline, though internal investigations are reportedly underway. Data breach reports and internal sabotage are still being assessed.

For now, travelers are advised to check Aeroflot’s official channels and airport announcements for updates. Delays and possible rolling cancellations may continue over the next few days.

What travelers need to know moving forward

If you were impacted by the Aeroflot cancellations, here’s what to do:

• Check your flight status using alternate flight-tracking platforms
  
  
• Contact Aeroflot’s helpline or customer portal for refunds or rebooking
  
  
• Keep documentation such as tickets and receipts for refund eligibility
  
  
• Avoid heading directly to the airport unless your flight is confirmed
  
  
• Expect delays even after service resumes due to backlogged operations
  
  

Cyberattacks now pose a real threat to global air travel

The Aeroflot incident underscores a new global reality: airlines are becoming high-value targets in geopolitical cyber conflicts. As travel rebounds post-pandemic, ensuring airline IT infrastructure is secure, redundant, and resilient is more critical than ever.

This latest disruption adds urgency to the global push for better cybersecurity protocols across aviation networks, especially in regions impacted by military conflict.

FAQs:

Q1. What caused Aeroflot to cancel flights on July 28?
A cyberattack crippled Aeroflot’s internal IT systems, causing over 40 flight cancellations.

Q2. Who hacked Aeroflot’s systems in 2025?
A pro-Ukraine hacker group named Silent Crow claimed responsibility for the Aeroflot cyberattack.