On the morning of July 28, Aeroflot cancelled dozens of flights, both domestic and international, due to a severe malfunction in its information systems. Preliminary investigations suggest the disruption was caused by a hacker attack, with two groups claiming responsibility for what they described as a «successful, prolonged, and large-scale operation.»
Widespread Disruptions and Aeroflot`s Response
Aeroflot confirmed the IT system failure, warning passengers of potential service interruptions and urging them to monitor airport online departure boards and announcements. The airline stated that a dedicated team of specialists is actively working to minimize impacts on flight operations and swiftly restore normal service.
The system failure resulted in the cancellation of numerous round-trip flights originating from and destined for Moscow. Affected destinations included Astrakhan, Grozny, Yekaterinburg, Yerevan, Kaliningrad, Kazan, Mineralnye Vody, St. Petersburg, Stavropol, and Sochi, among others. Additionally, at least seven more pairs of flights experienced delays.
Passengers of cancelled flights were advised to collect their luggage and promptly leave Sheremetyevo Airport to prevent overcrowding. Options for refunds or rebooking on flights within the next 10 days were made available; however, airport ticket counters were temporarily unable to process these transactions, likely due to the ongoing system malfunction.
Russia`s transport prosecutor`s office has initiated oversight measures, closely monitoring the situation surrounding the airline`s system failure at Sheremetyevo Airport.
Hacker Groups Claim Responsibility
On the same morning, hacker groups Silent Crow and «Cyberpartisans BY» publicly claimed involvement in the disruptions to Aeroflot`s systems.
According to their statements, they had maintained unauthorized access to the airline`s corporate network for a year, during which they allegedly acquired sensitive data, including databases, flight histories, control over employee personal computers, and information from surveillance servers.
The groups further asserted that they destroyed approximately 7,000 physical and virtual servers. They characterized their operation as a «direct message» to Russian federal security and cybersecurity agencies, including the FSB and RT-Solar. Their announcement also included a pro-Ukrainian slogan.
