Russia’s biggest airline cancelled dozens of flights on Monday following a failure of the state-owned company’s IT systems that, according to a Russian lawmaker and pro-Ukrainian hackers, was the result of a cyberattack, it was widely reported.
The airline, Aeroflot, said it cancelled about 40 flights following a “technical failure.” An online departure board for Sheremetyevo airport showed dozens of others were delayed. The cancellations and delays hobbled traffic throughout Russia and left travelers stranded at airports. The affected routes were mostly within Russia but also included routes to the Belarusian capital, Minsk, and to Yerevan, the capital of Armenia.
“The damage is strategic”
Russian prosecutors confirmed to Reuters that the disruption was caused by a hack and have opened a criminal investigation into it. Russian lawmakers also hinted a cyberattack was the cause of the outage, with one of them, Anton Gorelkin, saying Russia was under digital attack, possibly at the hands of hacktivists with help from unfriendly states.
Two pro-Ukrainian hacker groups, meanwhile, took credit for the attack. Silent Crow, one of the groups, said on Telegram that its members copied the airline's entire database of flight history, audio recordings, internal calls, and surveillance data.
“Restoration will likely require tens of millions of dollars,” the group claimed. “The damage is strategic.”
Silent Crow and the other group, named Belarusian Cyberpartisans, said the cyberattack was the result of a yearlong operation that had deeply penetrated Aeroflot's network, destroyed 7,000 servers, and gained control over the personal computers of employees, including senior managers.
The posts included screenshots of file directories purportedly from inside Aeroflot's network. The posts went on to threaten the imminent release of "the personal data of all Russians who have ever flown Aeroflot" and intercepted conversations and emails of Aeroflot staff.
“We’re helping Ukrainians fight the occupiers by paralyzing Russia’s largest airline and inflicting massive financial damage,” the Belarusian Cyberpartisans said in their own declaration of involvement in the operation.
The Aeroflot outage comes a day after Russian President Vladimir Putin canceled parades of warships in St. Petersburg and scaled back other events planned for celebrating Navy Day in Russia. The move came amid attacks from Ukrainian drones that targeted the city.
Silent Crow has been linked to previous cyberattacks in Russia. One hit Rosreestr, the federal agency overseeing Russia’s land and property registries. Another targeted a contractor of Rostelecom, a Russia-controlled telecom. The Belarusian Cyberpartisans have previously struck Russian and Belarusian infrastructure, including a 2022 attack on the Belarusian Railway that allegedly disrupted Russian arms shipments to Ukraine.
Russia’s aviation infrastructure has been targeted by Ukrainian-linked hackers in the past. Ukraine’s military intelligence agency (HUR) claimed responsibility in 2023 for a cyberattack on the Russian government civil aviation agency Rosaviatsiya. In 2022, the agency reportedly was forced to resort to paper and pen after a hack shut down its network and erased 18 months of email storage.
Original reporting is from Radiosvoboda, Reuters, and The Record.