Pro-Ukraine Hackers Infiltrate Aeroflot for a Year, Launch Devastating Cyberstrike

Silent Crow and Belarusian Cyber Partisans Say They Infiltrated Airline’s IT System for a Year Before Launching Disruptive Strike

MOSCOW — July 28, 2025 — International Cybersecurity Correspondent
A major disruption struck Russia’s national airline Aeroflot on Sunday, forcing the cancellation of dozens of domestic and international flights after a reported cyberattack disabled critical systems.

The company cited a “massive malfunction” in its internal IT infrastructure and issued a warning via Telegram:

“There has been a failure in the airline’s information systems. Service disruptions are possible.”

While Aeroflot stopped short of officially labeling it a cyberattack, a pro-Ukrainian hacker group known as Silent Crow claimed responsibility for what it called a “deep and methodical operation” that had penetrated the airline’s digital infrastructure for over a year.

The Attack: Silent Sabotage from Within

Silent Crow released a statement on Telegram:

“For a year, we were inside their corporate network, methodically developing access, going deep into the very core of the infrastructure.”

The group claims the attack was carried out in partnership with the Belarusian opposition-linked group Cyber Partisans BY, known for targeting authoritarian institutions across Eastern Europe. Together, they allegedly exfiltrated sensitive flight, passenger, and internal operation data, and then disabled core functions of Aeroflot’s scheduling and ticketing systems.

Flights Canceled, Passengers Stranded

The cyberattack paralyzed check-in systems, boarding procedures, and online platforms, leading to widespread delays and cancellations primarily at Moscow’s Sheremetyevo International Airport. Long lines, stranded passengers, and frustrated travelers became a common sight.

“We were told nothing. Just ‘technical issues’—but hours passed and we were never rebooked,” said Nikita Ivanova, a passenger stranded en route to Sochi.

Dozens of flights were listed as “cancelled” or “delayed indefinitely,” with ripple effects affecting routes to Istanbul, Dubai, Frankfurt, and Beijing.

Strategic and Geopolitical Implications

This breach underscores the growing use of cyberwarfare as a proxy battlefield in the ongoing Russia-Ukraine conflict. Silent Crow described the attack as a response to “Russian aggression, state terror, and the weaponization of travel systems.”

While Russia’s Ministry of Transport did not respond to press inquiries, cybersecurity analysts noted that state-linked infrastructure may remain vulnerable to hybrid warfare due to outdated defenses and internal mistrust.

“This isn’t just cyber vandalism—it’s geopolitical warfare with civilian fallout,” said Anastasia Kovaleva, a cybersecurity researcher at Warsaw Security Forum.

Background on the Hacktivist Groups

• Silent Crow emerged in early 2023 and has focused on pro-Ukrainian cyber sabotage operations.
• Cyber Partisans BY, a well-known Belarusian resistance group, previously targeted railway systems and government databases to obstruct Russian military logistics.

Their collaboration highlights a growing transnational cyber-resistance movement aimed at state-run systems in Russia and Belarus.

Human and Economic Cost

Beyond the digital battlefield, the attack has caused financial losses and eroded public confidence in Aeroflot—a carrier already under pressure from international sanctions and reduced global routes.

Many passengers voiced frustration over the lack of transparency and poor communication, with social media filled with videos of chaotic scenes in airport terminals.

Aeroflot has not confirmed whether customer data was compromised but is reportedly working with Roskomnadzor and internal cybersecurity units to restore services.