Cyberattack on Aeroflot causing mass flight disruptions Russia says The Record from Recorded Future News

pppLeadershipppCybercrimeppNationstatepp Influence Operations ppTechnologyppCyber DailyppClick Here Podcastpp Free Newsletterpp Russian authorities confirmed on Monday that Aeroflot the countrys largest airline and national carrier has been hit with a cyberattack causing widespread flight delays and cancellations pp Aeroflot said a technical failure was to blame for the disruption which began Monday morning and has forced the airline to cancel more than 50 flights including on popular domestic routes such as Moscow St Petersburg and Sochi Some flights planned for later in the week were also canceled pp The company said it is working to restore normal operations and promised to refund passengers or rebook their tickets once its systems are back online Aeroflots shares dropped nearly 4 on Monday The disruptions also hit the companys subsidiaries Rossiya and Pobeda pp Local media shared photos and videos from Russian airports showing long lines of passengers and flight boards filled with delays especially on domestic routes At Moscows Sheremetyevo Airport Aeroflots main hub passengers whose flights were canceled were asked to leave the terminal to reduce crowding Airport staff handed out free water sandwiches and food vouchers to stranded travelers pp ProUkrainian hacker group Silent Crow along with the Belarusian CyberPartisans claimed responsibility for the attack Both groups are known for previous cyber operations against critical infrastructure in Russia and Belarus pp In a statement posted on Telegram the hackers claimed to have completely compromised and destroyed Aeroflots IT infrastructure They said they had stolen the airlines entire database of flight history audio recordings of internal calls and surveillance data including information on staff monitoring systems pp Silent Crow said it had maintained access to Aeroflots corporate network for over a year gradually deepening its foothold within the infrastructure  pp Restoration will likely require tens of millions of dollars The damage is strategic the group claimed pp While Silent Crow is a relatively unknown actor it has been linked to several disruptive cyberattacks in Russia including a breach of Rosreestr the federal agency overseeing land and property registries and an attack on a contractor of major telecom operator Rostelecom Russian investigative journalists previously said that Silent Crow might just be a cover name for a betterknown hacking group wishing to stay anonymous pp The Belarusian CyberPartisans have previously targeted Russian and Belarusian infrastructure including in a cyberattack on the Belarusian Railway in 2022 that allegedly disrupted Russian arms shipments to Ukraine pp Were helping Ukrainians fight the occupiers by paralyzing Russias largest airline and inflicting massive financial damage the group said in a statement on Monday pp The Aeroflot hack is one of the few times Russian officials have publicly confirmed a cyberattack Kremlin spokesperson Dmitry Peskov called the reports of the hack concerning and said the government was awaiting further clarification pp Russias prosecutors have opened a criminal case over the unauthorized access to Aeroflots systems but prosecution is unlikely since the attackers havent been identified pp This is not the first time Russias aviation sector has been targeted by Ukrainelinked hackers In 2023 Ukraines military intelligence agency HUR claimed responsibility for a cyberattack on Russias governments civil aviation agency Rosaviatsiya A year earlier the agency reportedly had to switch to pen and paper after a severe cyberattack shut down its network and allegedly erased 18 months of emails possibly the result of a supply chain compromise pp In another incident earlier this year HUR said it had breached the internal systems of Russias stateowned aircraft manufacturer Tupolev shortly after Ukraine launched a series of drone strikes on Russian airbases pp Flight disruptions across Russia have also become increasingly frequent in recent weeks due to Ukrainian drone attacks some of which have affected Aeroflot operations pp ppDaryna Antoniukppis a reporter for Recorded Future News based in Ukraine She writes about cybersecurity startups cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia She previously was a tech reporter for Forbes Ukraine Her work has also been published at Sifted The Kyiv Independent and The Kyiv PostppPrivacyppAboutppContact Uspp Copyright 2025 The Record from Recorded Future Newsp