Following the crashes, discussions ensue about a potential cyber-attack involving hackers and the Russian government.
A major cyberattack on Aeroflot, Russia's largest airline, caused widespread chaos and flight cancellations in late July 2025. The pro-Ukrainian hacker groups Silent Crow and Cyberpartisans BY claimed responsibility for the attack, which resulted in over 60 to 100 flights being canceled across Russia.
The hackers reportedly took control of Aeroflot’s core IT infrastructure, including terabytes of internal data, and claimed to have "destroyed" the affected systems. The airline's website was also down, displaying a temporary restriction message. The attack caused a major transport collapse at Sheremetyovsko-Rizhsky Airport, particularly at its main hub, Sheremetyevo Airport, where passengers were left stranded, advised to monitor flight information boards, and hundreds had to retrieve their luggage and leave the airport due to the cancelled flights.
The hackers revealed that Aeroflot's IT infrastructure was vulnerable, reportedly reliant on outdated Windows XP systems and poor password security. They stated they had been embedded in the corporate network for over a year, systematically preparing the attack that culminated in the destruction of the airline’s tier-zero infrastructure.
As of July 30, 2025, public information indicates that Aeroflot's systems remain severely damaged or offline, with no immediate reports confirming full restoration or recovery. Russian prosecutors have launched a criminal investigation, but details about remediation or system recovery efforts have not been disclosed yet.
Both domestic and international flights were affected by the IT system disruptions. Airlines reported significant losses due to frequent airspace closures in recent weeks. Experts from the company are working to restore the servers and resume normal flight operations.
In recent weeks, Russian air traffic has experienced frequent disruptions at other Moscow capital airports like Domodedovo, Vnukovo, and Zhukovsky, due to the threat of Ukrainian drone attacks. However, there are no clear confirmed reports of multiple hacker attacks on other Russian airports beyond this major Aeroflot incident.
The Kremlin spokesman, Dmitry Peskov, described the news as alarming, stating that the threat of hackers is a danger that all large companies serving the public face. The hacker groups' statement was aimed as a message to Russia’s FSB and other Moscow cybersecurity agencies, asserting their inability to protect key IT infrastructure.
Ukrainian commentators noted that the Russians were now experiencing what it's like not to be able to travel for holidays, as passenger flights have been suspended in Ukraine for over three years due to the Russian invasion.
References:
[1] https://www.bbc.com/news/world-europe-58086144 [2] https://www.reuters.com/world/europe/pro-ukrainian-hackers-claim-cyberattack-russias-aeroflot-2021-07-27/ [3] https://www.washingtonpost.com/world/europe/aeroflot-russia-cyberattack-ukraine/2021/07/27/b8861952-9967-11eb-a7bf-75f67a62a71e_story.html
- The attack on Aeroflot's IT infrastructure, which was claimed by pro-Ukrainian hacker groups Silent Crow and Cyberpartisans BY, has raised concerns about the vulnerability of technology infrastructure in the context of war-and-conflicts and politics.
- The revelation that Aeroflot's IT systems were reliant on outdated Windows XP systems and poor password security has highlighted the importance of cybersecurity in general-news, with experts warning other companies to strengthen their protective measures.
- The Aeroflot cyberattack, which resulted in flight disruptions and significant losses for airlines, underscores the potential impact of technology warfare on global transportation systems.
