📅 July 30, 2025 | ⏱ 6 min read | 🔐 Category: Cybersecurity
In a significant blow to Russia’s aviation sector, Aeroflot, one of Russia’s major airlines, has been hit by a cyberattack that has led to the cancellation of over 60 flights and severe delays across its network.
The cyberattack on Aeroflot was claimed by Ukrainian and Belarusian hacktivist groups known as ‘Silent Crow’ and ‘Cyberpartisans BY.’ These groups have a history of targeting infrastructure that supports Russian military operations, with ‘Cyberpartisans BY’ previously attacking the Belarusian Railway to disrupt the movement of Russian military equipment into Ukraine.
According to statements made on social media platforms X and Telegram, the hacktivists infiltrated Aeroflot’s IT infrastructure over a year ago. They meticulously mapped the network to identify valuable resources before executing a destructive attack. The hackers claim to have accessed 122 hypervisors, 43 ZVIRT virtualization installations, around 100 iLO interfaces for server management, and four Proxmox clusters.
During their infiltration, they reportedly exfiltrated databases containing flight history, employee workstation data, wiretapped phone call recordings, and personnel monitoring systems. On the day of the attack, they allegedly wiped 7,000 physical and virtual servers, erasing 12TB of databases, 8TB of Windows Share files, and 2TB of corporate emails.
While Aeroflot has not officially confirmed the extent of the data destruction or compromise, the operational disruptions are evident. With a fleet of 171 aircraft and a workforce of 33,500 employees, the airline is a critical component of Russia’s transportation infrastructure, carrying over 55 million passengers annually.
The attack has not only caused immediate operational challenges but also poses long-term reputational risks. Flight cancellations and delays continue, with some flights operating without the usual computer system support. This situation underscores the vulnerability of critical infrastructure to cyber threats and the potential for significant disruptions.
This attack is not an isolated incident. In November 2023, Ukraine’s intelligence service claimed responsibility for hacking Russia’s Federal Air Transport Agency, Rosaviatsia. That attack exposed data reflecting the agency’s struggles under international sanctions and a lack of spare parts, further highlighting the strategic use of cyberattacks in geopolitical conflicts.
The Aeroflot cyberattack serves as a stark reminder of the importance of robust cybersecurity measures in the aviation sector. As airlines increasingly rely on digital systems for operations, the potential impact of cyberattacks grows.
This incident should prompt a reevaluation of cybersecurity strategies, particularly for state-owned enterprises that may be targets in geopolitical conflicts. The threat of data exposure also looms large, with the hackers threatening to release the stolen data, potentially compromising the privacy of millions of passengers. This aspect of the attack raises concerns about data protection and the need for stringent security protocols to safeguard sensitive information.
As the aviation industry grapples with the fallout from the Aeroflot cyberattack, it is clear that cybersecurity must be a top priority. The incident highlights the need for comprehensive security measures, international cooperation, and proactive threat detection to protect critical infrastructure from cyber threats.
Written by: Logan Elliott
Cyberix
https://cyberixsafe.com
