276/68 Thursday, July 31, 2025

On July 28, 2025, pro-Ukrainian hacker groups Silent Crow and the Belarusian Cyber-Partisans claimed responsibility for a major cyberattack targeting Russia’s flagship airline Aeroflot, which crippled the company’s IT systems and forced the cancellation of over 100 flights. The Aeroflot website became inaccessible, and the Russian government later confirmed it was indeed a cyberattack, describing the incident as “deeply concerning.” The disruption affected domestic and international flights, including those operated by affiliated airlines Rossiya and Pobeda, and routes to Armenia, Belarus, and Uzbekistan. It is considered one of the most severe cyber incidents against Russian critical infrastructure since the invasion of Ukraine in 2022.
The Cyber-Partisans declared, “The attack on Aeroflot is part of our support for Ukraine in its resistance against the aggressor.” Meanwhile, Silent Crow posted on Telegram that the operation had been in development for over a year, leveraging social engineering techniques to infiltrate Aeroflot’s network. The group claimed to have exfiltrated large volumes of internal data, including customer information, internal files, voice recordings, chats, and surveillance video footage. They also threatened to leak the personal data of all Russian passengers who have used Aeroflot services. The hackers estimated that system recovery could cost tens of millions of dollars and labeled the breach as a strategic blow to Russia’s image and national systems.
The Cyber-Partisans, a hacktivist group active since 2020, have previously targeted Belarusian state entities such as state-run media and the national railway system. In April 2024, they claimed to have breached the Belarusian KGB network. The group also disrupted railway traffic by taking control of railway traffic lights, in order to hinder Russian arms shipments into Ukraine via Belarus. Regarding the Aeroflot breach, the hackers attributed their success to the airline’s use of outdated technology and inadequate cybersecurity defenses, which they said allowed for deep system infiltration and significant damage.