At the height of the summer season, an unprecedented cyberattack hit Aeroflot, Russia’s flagship airline. On July 28, pro-Ukrainian Silent Crow hackers managed to infiltrate the company’s systems, resulting in the cancellation of dozens of flights and the risk of leaking passengers’ personal data. While the Russian authorities quickly launched an investigation, this incident reveals the vulnerabilities of critical infrastructures and the new digital threats facing the airline industry.
Hackers cripple Aeroflot and threaten to publish passenger data
On July 28, 2025, Aeroflot was the target of a coordinated cyberattack, claimed by the pro-Ukrainian group Silent Crow, in collaboration with the Belarusian Cyber Partisans. According to the perpetrators, the attack, which had been planned for a long time, was clearly aimed at destabilizing one of the pillars of Russian air transport, considered to be of strategic national importance.
The hackers claim to have infiltrated Aeroflot’s internal systems for almost a year, accumulating privileged access to servers, internal networks and employee workstations. Once their presence was well established, they proceeded to destroy almost 7,000 servers (according to their own claims), bringing the company’s operations to an immediate halt.
Most worrying of all, however, was the compromise of the personal computers of several employees and senior executives, and access to a database containing flight histories, passenger identities and other sensitive data. The attackers are now threatening to publish this information publicly, and claim to want to reveal the movements of certain profiles linked to Russian power.
Over 40 flights cancelled and chaos at Moscow airport
The cyberattack had an immediate and visible effect on Aeroflot’s operations. More than 40 flights were canceled as of July 28, mainly from Moscow’s Sheremetyevo International Airport, causing major disruption to one of the country’s biggest air hubs. Reservation, check-in, passenger information and flight management systems have been severely affected, making normal coordination impossible.
Passengers, left to their own devices, expressed their frustration on social networks, denouncing the lack of real-time information and the impossibility of reaching customer service. Many passengers only learned of the cancellation of their flight once they arrived at the airport.
Given the scale of the situation, Aeroflot’s technical teams have been mobilized as a matter of urgency. The company claims to be working tirelessly to restore its digital services, while implementing manual back-up procedures to enable partial resumption of flights. It has also promised refunds and free ticket changes once its systems have stabilized. Despite these efforts, full resumption is likely to be gradual, and the company remains under pressure until the security flaws have been fully corrected.
Lessons learned for the future
The computer attack on Aeroflot on July 28, 2025 was a major event, both in terms of its scale and its practical repercussions. In the space of a few hours, Russia’s largest airline saw its IT systems disrupted, over 40 flights cancelled and its public image weakened. The claims of the Silent Crow group, supported by Cyber Partisans, reveal a targeted digital offensive, carried out against a backdrop of geopolitical tension, but aimed at sensitive civilian infrastructures.
Beyond the Aeroflot case, this attack is a reminder of the extent to which strategic companies remain exposed to cyber threats, even outside the purely military sector. Aviation, railways, energy and telecommunications are all areas where a well-executed intrusion can have very tangible effects. This underscores theurgent need to strengthen cybersecurity policies, both in technical terms (firewalls, network monitoring, redundancy of critical systems) and in human terms (training, culture of vigilance).
For affected passengers, Aeroflot promises free refunds and modifications, but also recommends monitoring official communications and changing passwords if personal data has been used when booking. In the long term, the airline industry will need to review its data protection strategy and strengthen the resilience of its systems in the face of next-generation cyber threats.
About the author
Adrien Piron
