Russian airline Aeroflot suffered a serious cyberattack on July 28, 2025. The incident caused widespread flight delays and cancellations across several destinations. More than 100 flights were grounded due to a total disruption of the airline’s IT infrastructure. Among the affected routes were departures to Minsk, Tashkent, and Yerevan. The airline’s systems went offline overnight, and flight operations were paralyzed.
Aeroflot issued a public apology after failing to restore normal operations for nearly 48 hours. Reports indicate that check-in systems, scheduling, and internal communications were rendered unusable. Hundreds of passengers were stranded at Russian airports with limited assistance available. According to security sources, this was not a simple disruption—it was a full-scale takedown.
Hackers Claim Attack Was One Year in the Making
Two pro-Ukraine groups claimed responsibility: Belarusian Cyber-Partisans and Ukraine-based Silent Crow. In a joint statement, they claimed to have accessed Aeroflot’s internal systems nearly one year earlier. Over that period, they say, they mapped infrastructure, extracted sensitive files, and gradually deployed destructive malware.
The attackers allege they destroyed over 7,000 Aeroflot servers. In addition, they say they stole 20 terabytes of sensitive data. This includes passenger travel histories, employee records, and internal communications. To support these claims, the hackers released what they say is the flight history of Aeroflot’s CEO, Mikhail Poluboyarinov. If authentic, the breach extends into executive-level surveillance.
They also posted warnings about future leaks unless their political demands are met. This suggests the breach was both strategic and ideological—targeting Russian state infrastructure during wartime.
Russian State Response and Eye World’s Takeaways
The Russian government quickly launched a criminal investigation. The Investigative Committee confirmed that multiple state agencies were involved in the response. Kremlin spokespersons described the breach as a threat to national infrastructure. Officials confirmed that all major Aeroflot data centers were being audited for vulnerabilities.
According to security analysts, this attack shows how geopolitical conflicts now bleed into cyber warfare. Hacktivist groups are no longer fringe players—they can destabilize critical national services with surgical precision.
From Eye World’s perspective, the Aeroflot breach is a stark reminder:
- Threat actors now invest in long-term infiltration, not just quick hits.
- Even well-funded institutions are vulnerable if detection systems lag.
- Reputational harm can exceed operational losses.
- No sector—government or commercial—is immune.
A key takeaway for Eye World readers is the value of proactive threat intelligence. Waiting for signs of compromise is no longer enough. Aeroflot reportedly had no visibility into the breach for months, highlighting the need for continuous monitoring, anomaly detection, and offline data recovery capabilities.