Responsibility for the Aeroflot cyberattack was claimed by Silent Crow in collaboration with Belarusian Cyberpartisans, two hacktivist groups opposing Russian and Belarusian regimes. In a joint statement, Silent Crow said:
“Glory to Ukraine! Long live Belarus!”
The groups claim the operation had been planned over a year and led to the destruction of 7,000 servers and remote access to the personal computers of Aeroflot employees, including senior staff. Screenshots were shared to demonstrate alleged access to Aeroflot’s internal file directories.
The hackers threatened to leak sensitive data:
“We will soon begin publishing the personal data of all Russians who have ever flown Aeroflot,” the groups warned. “This includes intercepted conversations and emails from staff.”
Russian Officials Call for Investigation and Accountability
Lawmakers have described the incident as a digital assault on Russia, with concerns that such attacks could escalate further. Anton Gorelkin, a senior member of Russia’s parliament, said:
“The war against our country is being waged on all fronts, including the digital one. I do not rule out that these hacktivists are serving hostile states.”
Another lawmaker, Anton Nemkin, called for identifying “not only the attackers but those responsible for systemic failures in protection.”
Kremlin spokesperson Dmitry Peskov commented on the threat:
“The information that we are reading in the public domain is quite alarming. The hacker threat is a threat that remains for all large companies providing services to the population.”
Aeroflot Remains Silent on Duration, But Offers Refunds and Rebookings
Aeroflot did not specify when full services would resume. The airline confirmed that affected passengers will be allowed to rebook flights or request refunds once systems are restored. In the meantime, its IT teams are working to mitigate impact and recover operations.
Despite Western sanctions and reduced international routes, Aeroflot remains one of the world’s top 20 airlines by passenger volume, carrying over 55 million travelers in 2023.
Former pilot and aviation analyst Andrei Litvinov warned of deeper consequences:
“This is a serious disaster. If all corporate data is exposed, it can have very long-term consequences… First the drones, now they’re blowing this up from the inside.”
Background on Silent Crow and Belarusian Cyberpartisans
Silent Crow has previously targeted Russian entities including a state telecom provider, the Moscow government’s IT division, a real estate registry, and carmaker KIA’s Russian branch. Belarusian Cyberpartisans, meanwhile, are known for their cyber operations against Belarusian state institutions.
Monday’s incident is one of the most damaging cyberattacks on Russian critical infrastructure since the start of the Ukraine conflict, not only for its scope but also for targeting a high-profile symbol of Russian state enterprise.
