A hacking group linked to Ukraine has claimed responsibility for a cyberattack that has crippled Russia’s flagship airline, leading to travel chaos.
Aeroflot, which is in the top 20 airlines worldwide by passenger numbers, said it had experienced disruption to its electronic systems, forcing it to delay and cancel dozens of flights.
The Silent Crow and Cyber Partisans hacker groups claim to have been lurking in Aeroflot’s systems for a year and have now carried out a “large-scale operation” that led to the “complete compromise and destruction” of Aeroflot’s internal IT infrastructure.
“Glory to Ukraine! Long live Belarus!” said the statement, linking the cyberattack to the war.
In a rare admission of vulnerability, the Kremlin said reports of a cyberattack against Aeroflot were “worrying” and said it was waiting for further information.
The hackers claimed on Telegram that they had infiltrated Aeroflot’s computer network one year ago, allowing them to destroy 7,000 physical and virtual servers.
They claim to have stolen flight history databases, hacked the personal computers of employees, and “copied data from wiretapping servers”, amounting to 12TB of data.
“All these resources are now inaccessible or destroyed, restoration will require, possibly, tens of millions of dollars. The damage is strategic,” the Silent Crow said in a statement published on Telegram.
Aeroflot has not confirmed whether it is the victim of a cyberattack, saying in a statement that “specialists are currently working to minimise the impact on the flight schedule and to restore normal service operations”.
On Telegram, it listed more than 40 cancelled flights to destinations across Russia, as well as to the Belarusian capital Minsk and the Armenian capital Yerevan.
In 2024, passenger traffic of the Aeroflot Group reached 55.3 million passengers, according to the airline’s website.
Travel chaos ensued as many flights were delayed or cancelled
It comes at a time when Russian tourists are flocking back to Europe in their droves, despite the continent’s hardline stance supporting Ukraine.
Hotel stays by Russians in Italy and France surged by more than 19 per cent in the past year, which Ukrainian diplomats branded “disturbing” and a security risk.
The Silent Crow hackers previously claimed responsibility for hacking Russia’s real estate agency, Rosreestr, which is responsible for managing property and land records.
The group created a Telegram channel in December to announce the breach, releasing a portion of a database containing names, dates, phone numbers and email addresses of Russian citizens. The leak was later confirmed by Russian investigative journalists from the Agentstvo news outlet, though Rosreestr denied its systems were breached.
Silent Crow’s anonymity
Unlike known Ukrainian hacktivist groups like the Ukrainian Cyber Alliance or IT Army, which openly align with Ukraine’s interests and coordinate with its government, Silent Crow’s anonymity and lack of prior activity had made attribution more difficult.
Following the cyberattack against Russia’s real estate database, there was no evidence linking the Silent Crows to Ukraine.
However, the attack in December came just weeks after a Russian cyberattack targeted dozens of Ukrainian databases.
The IT Army of Ukraine says it aligns with the Ukrainian government, saying it aims to bring Kyiv’s victory closer “by exhausting the economies of aggressor countries, disrupting the work of important financial, infrastructure, government services and the activities of large taxpayers”.
Earlier this year, the IT Army claimed responsibility for hacking nearly 50 media websites in Kursk, which was invaded by the Ukrainian army last August.
It also claimed responsibility for disruption to a transport payment app in St Petersburg, knocking the service online.
“Each day brings new goals, new victories,” the group said. “We will carry our flag to the end.”
