Belarusian hacker groups Silent Crow and Cyber Partisans launched a coordinated cyberattack on Russian state airline Aeroflot on Monday, July 28. The attack destroyed approximately 7,000 servers, stole 20 terabytes of data, and disabled over 22,000 devices, effectively halting operations at Russia’s largest airline.
Widespread Disruptions Ground Flights and Disrupt Travel
Aeroflot canceled between 49 and over 100 flights, including international routes. Moscow’s Sheremetyevo Airport became the epicenter of the crisis—departure boards froze, passengers were stranded in long lines, and the airline’s app and website went offline.
Social media platforms included complaints such as: “The call centre is unavailable, the website is unavailable, the app is unavailable”.
The Kremlin characterized the incident as “alarming” and Russia’s Prosecutor-General opened a criminal investigation immediately.
A Year in the Making: Strategic Infrastructure Destruction
The breach was not opportunistic. According to claims by Silent Crow and Cyber Partisans, infiltration began as early as 2024, with hackers gradually elevating access to critical systems. The July 2025 strike hit deeply—targeting Active Directory, ERP, CRM platforms, internal email servers, and operational networks.
Security analysts warn this is not a typical ransomware attack but rather a deliberate operation to dismantle Aeroflot’s digital backbone, with recovery expected to take years, if complete restoration is even possible.
Historical Context: Not the First Aviation Cyberattack
This incident follows a troubling trend in airline cyber sabotage:
- In 2016, hackers took down airport displays in Vietnam and stole hundreds of thousands of passenger records.
- In 2018, Iran-based attackers replaced digital schedules with protest slogans at Meshed and Tabriz airports.
- In 2024, a ransomware attack grounded the Seattle airport in the U.S.
- In 2025, hackers hit Kuala Lumpur, demanding $10 million to restore systems.
According to SecureWorld, cyberattacks on aviation have surged by 131% over the past two years.
A Digital Front in Modern Hybrid Warfare
Experts describe the incident as part of an escalating “technology war,” where cyberattacks are used strategically to disrupt critical infrastructure—including aviation networks, GPS navigation, and airport operations. This is no isolated hack; it reflects a larger shift toward cyberattacks on industries vital to national security.
Recent cyber campaigns in Ukraine and Belarus have involved GPS spoofing, data-wiping malware, drone interventions, and more aggressive take-down methods targeting aviation infrastructure.
Vulnerabilities Exposed: Are Airports Cyber-Secure?
Cybersecurity authorities warn that most airports and airlines remain highly susceptible to such breaches. Common weaknesses include:
- Outdated software and legacy servers
- Weak network segmentation
- Contractor access without strict oversight
- Inadequate backup and disaster-recovery planning
- These factors make aviation systems an attractive target for disruptive cyber actors.
Human Impact: Chaos, Delays, and Frustration
The attack shows that cyberwarfare directly affects individual passengers. People found themselves powerless—flight displays failed, communication channels collapsed, baggage delayed, and customer service disabled, leaving many stranded and uncertain about rescheduling or refunds.
Why This Incident Matters
This is the first known destruction of the IT infrastructure of Russia’s flagship airline. The financial losses are estimated in the tens of millions of dollars, and the broader implications reach far beyond commercial operations. Governments and cybersecurity experts in both the EU and the U.S. are treating the attack as a serious warning sign.
The incident underscores a critical reality: Flight safety and operational reliability now depend not just on pilots and air traffic controllers, but on robust cybersecurity defenders behind the screens.
What the American Public Should Know
Travelers or business partners in Russia: Expect major disruptions if traveling or working through Aeroflot-operated routes.
Cybersecurity professionals and government agencies: A case study in high-impact infrastructure compromise.
Public policy and defense analysts: A clear signal that aviation systems are increasingly frontline targets in hybrid warfare strategies.
