On the morning of July 28, Aeroflot, Russia`s flagship carrier, experienced significant operational disruptions, leading to the cancellation of dozens of domestic and international flights.
The primary cause identified was a major failure within its information technology systems. Preliminary reports suggest this extensive system outage was the result of a coordinated cyberattack, with two hacker groups subsequently claiming responsibility for a “successful, prolonged, and large-scale operation.”
Extensive Flight Cancellations at Sheremetyevo Airport
Aeroflot confirmed the IT system malfunction on the morning of the incident, acknowledging potential disruptions to passenger services. The airline advised travelers to monitor flight information displays at airports and listen for public announcements. An official statement from the airline noted, “A team of specialists is working to minimize risks to the flight schedule and to swiftly restore normal service operations.”
The system failure led to the cancellation of numerous round-trip flights originating from and destined for Moscow`s Sheremetyevo Airport. Affected destinations included Astrakhan, Grozny, Ekaterinburg, Yerevan, Kaliningrad, Kazan, Mineralnye Vody, St. Petersburg, Stavropol, Sochi, and other cities. Additionally, at least seven pairs of flights experienced significant delays.
Passengers whose flights were canceled were urged to collect their baggage and vacate Sheremetyevo Airport to prevent overcrowding. Options for affected travelers included refunds or rebooking for flights within the next ten days. However, due to the system malfunction, these services were temporarily unavailable at the airport ticket counters.
The incident has also drawn the attention of the Russian Transport Prosecutor`s Office, which has initiated oversight measures to monitor Aeroflot`s system failure at Sheremetyevo.
Hacker Groups Claim Responsibility for Aeroflot Attack
On the same morning, two hacker groups, Silent Crow and “Cyberpartisans BY” (Киберпартизаны BY), publicly claimed responsibility for the disruptions to Aeroflot`s systems.
“Together with colleagues from `Cyberpartisans BY,` we declare the successful completion of a prolonged and large-scale operation, as a result of which Aeroflot`s internal IT infrastructure was completely compromised and destroyed.”
They asserted that they had maintained access to the airline`s corporate network for an entire year. During this period, they allegedly acquired databases, flight histories, gained control over employee personal computers, and copied data from surveillance servers.
The groups also claimed to have destroyed approximately 7,000 physical and virtual servers. They characterized their operation as “a direct message to the FSB, NCCC, RT-Solar, and other so-called `cyber defenders`.” Their statement concluded with a pro-Ukrainian slogan.
