Russia’s flagship airline, Aeroflot, faced massive disruption on Monday as a pro-Ukraine hacking group, Silent Crow, claimed responsibility for a devastating cyberattack that shut down the airline’s systems, grounded over 50 flights, and sparked a criminal investigation. As Moscow’s Sheremetyevo airport turned into a scene of digital chaos, the Kremlin acknowledged the severity of the breach, highlighting the growing role of cyberwarfare in the geopolitical conflict.
Grounded by Hacktivism: The Aeroflot Breach and Who’s Behind It
Aeroflot, Russia’s largest and most prestigious airline, abruptly cancelled more than 50 flights on Monday, citing “information system failures.” While the airline itself offered no detailed explanation, a joint statement from hacking groups Silent Crow and Belarus-based Cyber Partisans claimed responsibility, framing the attack as a politically motivated strike tied to the ongoing war in Ukraine.
The alleged perpetrators, long active in the digital underground, declared this was the result of a year-long infiltration operation, asserting they had destroyed 7,000 servers and taken over the computers of top-level Aeroflot employees. The message ended with a stark threat: the imminent release of personal data of all Aeroflot passengers—a warning aimed at sowing public panic and undermining state infrastructure.
The hackers’ message read: “Glory to Ukraine! Long live Belarus!”, reinforcing their political motivations. Cybersecurity experts, including Rafe Pilling of Sophos, confirmed that the incident appeared ideological rather than financial, distinguishing it from typical ransomware attacks designed for extortion.
Kremlin Admits Cyber Breach as Passengers Lash Out
The Kremlin responded with unusual candor. Spokesperson Dmitry Peskov acknowledged the seriousness of the situation, calling the reports “quite alarming.” Russian prosecutors confirmed a criminal probe had been launched, citing cyber intrusion as the cause.
Meanwhile, passengers flooded social media platform VK with complaints of hours-long delays, unavailable websites, and inaccessible call centers. Some travelers reported being stranded at regional airports since the early morning hours with no clarity on when they could fly or how to rebook.
“I’ve been sitting at the Volgograd airport since 3:30!” wrote one frustrated flyer. “The flight has been rescheduled for the third time!”
The airline eventually announced that passengers could either rebook within 10 days or request a full refund, but the lack of real-time communication only deepened the public’s frustration.
Cyberwarfare Takes Off: A New Frontline in the Ukraine Conflict
Since the Russian invasion of Ukraine in February 2022, cyberattacks have emerged as a parallel battlefield. Ukraine’s formation of the “IT Army of Ukraine,” a 300,000-strong network of volunteer hackers, signaled a shift in modern warfare—where data breaches, server takedowns, and infrastructure disruption operate alongside drones and tanks.
Silent Crow and Cyber Partisans have previously claimed attacks on Russian telecom firms, insurance companies, and even the Moscow government’s IT department. But the Aeroflot hack marks the most high-profile and disruptive strike to date, affecting not just internal systems but also tens of thousands of Russian travelers during peak vacation season.
The symbolic weight of targeting Aeroflot—once a Soviet-era prestige brand and still among the world’s top 20 airlines by passenger numbers— adds a layer of psychological warfare to the operation. Even with Western sanctions grounding most international routes, Aeroflot remains a critical artery in Russia’s domestic transportation system.