Cyberattack cripples Russia's Aeroflot, grounding flights and exposing passenger data

Russia's airline carrier Aeroflot has been hit by a cyberattack on July 28, 2025 that forced the cancellation of dozens of flights and disrupting operations at Moscow's Sheremetyevo Airport. The attack is claimed by pro-Ukrainian hacking group Silent Crow working in collaboration with Belarusian group Cyberpartisans BY.

The attack caused widespread operational chaos, with at least 42 mostly domestic Aeroflot flights cancelled by late Monday morning, along with international routes to Minsk and Yerevan. Some sources reported even higher numbers. Russian prosecutors confirm that more than 60 flights were cancelled. The outage also disrupted flights operated by Aeroflot's subsidiaries, Rossiya and Pobeda, with some reports indicating over 100 total flight cancellations.

The hacker groups allege that they destroyed approximately 7,000 servers, both physical and virtual, and exfiltrated an estimated 20 terabytes of data, including 12 TB of databases, 8 TB of files from internal Windows shares, and 2 TB of corporate email archives.

The attackers claim to have gained access to numerous critical systems and sensitive data:

• Corporate systems including CREW, Sabre, SharePoint, Exchange, КАСУД, Sirax, CRM, ERP, 1C, DLP
• Internal active directory of users and file shares
• Flight history databases and critical corporate systems
• Personal computers of employees, including senior executives
• Audio recordings of phone calls and surveillance data on employees

The hackers threatened to release personal data of all Russians who have "ever flown with Aeroflot", intercepted conversations and emails of Aeroflot staff and corporate email archives spanning years.

The number of affected individuals is not disclosed but could be substantial, as Aeroflot served 55.3 million passengers in 2024 alone, making it one of the top 20 airlines worldwide by passenger numbers.

Cybersecurity analysts estimate that the cost of rebuilding Aeroflot's digital infrastructure could run into "tens of millions of dollars" and take months, if not longer, to complete. 

Aeroflot acknowledged the disruptions to its electronic systems and stated that specialists were "actively working to minimize the impact on flight operations and restore all services to normal as quickly as possible."

Update - As of 31st of July 2025, Russia’s internet watchdog Roskomnadzor claims there was no confirmation that data had been leaked from Aeroflot after the cyberattack. “Information about a possible data leak from the company has not been confirmed,” the agency told local media on Thursday, without elaborating. The Belarusian hacker group Cyber Partisans leaked travel data apparently belonging to the CEO of Aeroflot Sergei Aleksandrovsky on Telegram.