Pro-Ukrainian hackers claim cyberattack behind Aeroflot flight cancellations

Russian national airline Aeroflot was forced to cancel more than 50 flights on July 28 following a cyberattack allegedly carried out by a pro-Ukrainian hacking group, throwing operations into disarray at the height of the holiday travel season.

A hacking group calling itself Silent Crow claimed responsibility for the attack, saying it had collaborated with a Belarusian cyber-activist group known as Cyberpartisans BY. The group linked its actions to opposition to Russia’s invasion of Ukraine, Caliber.Az cites information provided by Reuters. 

“Glory to Ukraine! Long live Belarus!” said the statement, whose authenticity Reuters could not immediately verify.

According to the statement, the hack was the result of a year-long operation that deeply infiltrated Aeroflot’s systems, destroyed 7,000 servers, and allegedly allowed access to the personal computers of company employees, including senior management.

The group also threatened to begin leaking “the personal data of all Russians who have ever flown Aeroflot.” No evidence was provided to support these claims.

The disruption affected primarily domestic routes but also included flights to the Belarusian capital Minsk and the Armenian capital Yerevan. At least 10 additional flights were delayed. Departure boards at Moscow's Sheremetyevo airport turned red as flight after flight was scrapped.

While Aeroflot cited an “information systems failure” as the reason for the cancellations, it did not confirm the source of the outage or how long recovery would take. 

The Kremlin acknowledged the seriousness of the situation.

“The information that we are reading in the public domain is quite alarming. The hacker threat is a threat that remains for all large companies providing services to the population,” said Kremlin spokesman Dmitry Peskov. “We will, of course, clarify the information and wait for appropriate clarifications.”

Russian prosecutors confirmed that the disruption was the result of a cyberattack and have launched a criminal investigation.

Silent Crow has previously claimed responsibility for cyberattacks targeting a range of Russian entities, including a real estate database, a state telecoms company, the Moscow government’s IT department, and the Russian office of South Korean carmaker KIA—some of which resulted in significant data breaches.

By Sabina Mammadli