Pro-Ukrainian hackers launched a devastating cyberattack against Aeroflot, Russia’s government-owned flagship airline, canceling 50 flights and leaving hundreds of passengers stranded at Moscow airports on 28 July.

Two hacker groups claimed responsibility for a cyberattack that allegedly destroyed the carrier’s internal IT infrastructure.

The flight disruptions affected routes from Moscow’s Sheremetyevo airport to destinations including Minsk, Yerevan, Yekaterinburg, Kaliningrad, and St. Petersburg.

Hundreds of passengers stuck at Moscow airport

Chaos erupted at Moscow’s Sheremetyevo airport as hundreds of frustrated Aeroflot passengers found themselves trapped in a digital nightmare. After waiting hours for flights that would never depart, travelers discovered they couldn’t even leave the airport easily—bottlenecks formed at exit passages, forcing people to stand in line just to get out of the building.

Traffic jams clogged roads outside as passengers abandoned their travel plans en masse, with many unable to secure refunds since the airline’s systems were down and only call centers could process requests.

According to Russian Telegram channel Baza, the scene resembled a mass evacuation as Aeroflot representatives urged people with canceled flights to simply go home rather than wait at the airport, leaving travelers stranded with no clear timeline for when normal operations might resume or whether their money could be recovered.

Pro-Ukrainian hackers claim responsibility

Anti-Russian groups Silent Crow and Belarusian Cyber Partisans BY claimed they spent a year infiltrating the airline’s network before destroying approximately 7,000 servers, explicitly linking their attack to Russia’s war against Ukraine and signing off with “Glory to Ukraine! Long live Belarus!”

The hackers say they accessed 122 hypervisors and 43 virtualization systems. They allegedly copied 12 terabytes of flight databases, 8 terabytes of corporate files, and 2 terabytes of email. Personal data of every Russian who ever flew Aeroflot? Gone, according to their statement.

“All these resources are now inaccessible or destroyed, restoration will require possibly tens of millions of dollars. The damage is strategic,” the hackers stated in their message.

Cyberattack causes chaos in Aeroflot’s work

The attack’s immediate impact was evident in Aeroflot’s operations. According to Baza’s source within the airline, employees could not access flight plans, contact crew members, or determine aircraft locations. 

One Aeroflot employee described the scene: “I came to work, but we can’t print flight plans, nobody knows anything. I can’t even find the crew number, can’t call the captain.”

The employee continued: “All planes are grounded, management knows nothing: where the plane is, who’s flying, where they’re flying, crew numbers. There’s absolutely nothing.”

Only flights with pre-calculated plans could depart. Everyone else waited. Some crews spent hours sitting in aircraft with no instructions. Many employees were simply sent home.

Russia’s General Prosecutor’s Office confirmed the disruption was a cyberattack, not technical failure, as the hackers promised to publish stolen personal data from every Russian who ever flew the country’s largest airline.

Hackers expose vulnerabilities of Russian security services

Here’s what makes this attack different: The hackers claim they maintained access for an entire year before striking. That’s not opportunistic hacking—that’s patient intelligence work. They allegedly penetrated what they call “Tier0” systems, the core infrastructure that keeps airlines running.

Why target an airline? The hackers were explicit. Their statement addressed Russian security services directly: “You are incapable of protecting even your key infrastructures.” They called it a message to “all employees of the repressive apparatus.”

The groups signed off with “Glory to Ukraine! Long live Belarus!”—making their allegiances clear.

The attack occurred as Russia’s aviation sector already struggles under international sanctions and limited access to Western aircraft and parts. Adding cyberattacks from Ukraine-aligned groups to that list creates a new vulnerability Moscow hadn’t fully considered.