Cyberwar in Everyday Life - Pro-Ukrainian Hackers Cripple Aeroflot and Throw Russia's Travel Network into Chaos

Russia's digital vulnerability reached a new, dramatic level on Monday. The state-owned airline Aeroflot had to cancel more than a hundred flights after a massive hacker attack paralyzed its IT systems. More than 50 round trips were already canceled in the morning, and by the evening the number had risen to at least 114 canceled flights, including numerous domestic routes as well as international flights to Yerevan, Minsk, Tashkent and Astana. The Moscow Sheremetyevo Airport was particularly affected, with its departure board dominated for hours by red "Cancelled" markers. Travelers stared helplessly at the screens while long lines formed at the counters. Responsibility for the attack was claimed by the pro-Ukrainian hacker group Silent Crow and the Belarusian Cyber Partisans. In a joint statement, they described their operation as a "long and large-scale operation" that had led to the "complete compromise and destruction of Aeroflot's internal IT infrastructure." The groups claimed that they had spent over a year infiltrating the airline's systems, compromising all critical corporate systems and even gaining access to executives' computers. In addition, they said they had copied the entire flight database, downloaded data from interception servers including phone recordings and internal communications, and extracted surveillance and employee monitoring systems. In total, around 7,000 physical and virtual servers were destroyed - damage that the hackers estimated could cost "tens of millions of dollars" to repair.

The attackers issued an open challenge to the Russian security apparatus: "To the FSB, NCCCI, RT-Solar and other so-called cyber defenders - you are not capable of protecting even your key infrastructure. To all members of the repressive apparatus - your digital security is worthless, and we have been monitoring you for a long time. Glory to Ukraine! Long live Belarus!" The Cyber Partisans added that Aeroflot had used outdated Windows software and weak passwords. Even Aeroflot CEO Sergei Alexandrovsky had not changed his password since 2022. Russia's Prosecutor General officially confirmed that it was a hacker attack and opened a case for unauthorized access to computer systems under Article 272, Paragraph 4 of the Russian Criminal Code. At the same time, an investigation into the flight cancellations and delays began. Shortly after the attack, the state service portal Gosuslugi also reported a massive outage. According to data from Downdetector, most outages occurred in Moscow (23 percent) and St. Petersburg (11 percent), with further problems in several regions from Nizhny Novgorod to the Yamal area. Users reported that pages would not load, logins failed, and both web and app versions were partially down for hours.

The attack on Aeroflot is part of a growing wave of hybrid operations aimed at disrupting everyday life in Russia. Since the start of the holiday season, there have been regular drone attacks around major airports. Terminals must be evacuated, flights canceled or diverted. Just last week, more than 50 trains were stopped in southern Russia after a drone hit a train station building. Shortly afterward, drones struck in Sochi, killing two people and forcing hotels to evacuate. Digital services - from mobile networks to delivery platforms - also repeatedly suffer disruptions. The goal is to spread insecurity and destroy the perception that the Russian population can largely sit out the war unbothered. Silent Crow and the Cyber Partisans made it unmistakably clear that their campaign is not over. A partial release of the stolen data is already in preparation. For Russian society, the attack on Aeroflot, the country's most visible brand, marks a turning point: The digital war has long since arrived in everyday life. Kremlin spokesman Dmitry Peskov tried to play down the situation but admitted: "Hacker attacks are a threat that exists for all large companies." Behind this sober statement lies growing nervousness. Because the attacks show that nothing in the heart of Russia's infrastructure can be considered truly safe anymore.

Investigative journalism requires courage, conviction – and your support.