On July 28, Russian flag carrier Aeroflot experienced a significant disruption to its information systems, leading to the cancellation of numerous flights, both domestic and international. The airline confirmed the incident, acknowledging potential service interruptions for passengers due to the system failure.
Impact on Passengers and Investigation
Passengers affected by the cancellations were advised to collect their luggage and leave Sheremetyevo Airport to prevent overcrowding. Aeroflot offered options for refunds or rebooking for flights within the next 10 days, though temporary issues reportedly affected airport cashiers due to the ongoing system difficulties. Following the incident, the Russian transport prosecutor`s office initiated an oversight investigation into the system failure at Sheremetyevo.
Hacker Groups Claim Responsibility
Two hacker groups, Silent Crow and “Kiberpartizany BY” (Cyberpartisans BY), have claimed responsibility for the cyberattack. They declared a “successful, prolonged, and large-scale operation” that allegedly compromised and destroyed Aeroflot`s internal IT infrastructure.
“Together with colleagues from `Kiberpartizany BY`, we announce the successful completion of a prolonged and large-scale operation, as a result of which Aeroflot`s internal IT infrastructure was completely compromised and destroyed.”
— Hacker group Silent Crow
According to the groups, they maintained access to the airline`s corporate network for a year, during which they acquired sensitive data, including databases, flight histories, control over employee computers, and data from eavesdropping servers. They further stated they destroyed approximately 7,000 physical and virtual servers. The hackers characterized their action as a “direct message” to Russian cybersecurity entities, concluding their statement with a pro-Ukrainian slogan.
Clement Ashworth 
Barnaby Whitfield