Aeroflot aeroflops over 'IT issues' after attackers claim year-long compromise
(2025/07/28)
- Reference: 1753704848
- News link: https://www.theregister.co.uk/2025/07/28/aeroflot_system_compromise/
- Source link:
Russia's largest airline, Aeroflot, canceled numerous flights on Monday morning following what it says was a failure in its IT systems - something hacktivists are claiming responsiblity for.
Several flights departing from and arriving at Moscow's Sheremetyevo Airport were either delayed or canceled entirely, with passengers told to pay attention to announcements made at affected airports.
Aeroflot [1]said via its Telegram channel: "There was a failure in the airline's information systems. Service interruptions are possible.
[2]
"In this regard, a forced adjustment to the flight schedule is expected, including by postponing and canceling. We ask passengers to monitor the information on the online boards of airport websites throughout the airline's route network, airport information boards, and announcements over the airport's loudspeaker.
[3]
[4]
"Currently, a team of specialists is working to minimize the risks of fulfilling the production flight plan and quickly restoring the normal operation of services.
"The airline apologizes for the inconvenience caused."
[5]
A total of 42 flights were canceled at first, with a further seven announced hours after, while additional trips were delayed by varying times from 25 minutes up to, in some cases, nearly three hours.
Passengers scheduled to travel on the canceled flights were told to retrieve their checked luggage from baggage claim and leave the airport to prevent overcrowding.
Affected travelers have the option of claiming a refund on their tickets or rebooking their flight within the next ten days.
[6]
However, Aeroflot said airport ticket offices "are temporarily not processing refunds or rebooking tickets," without explaining why.
These services will become available once more after the airline's services are up and running again, it added.
"At the moment, Sheremetyevo Airport is reissuing tickets only for special categories of passengers: passengers and groups with children, unaccompanied children, passengers with disabilities, SVO participants, and passengers traveling by transfer."
Aeroflot still ranks among the world's top 20 airlines by passenger numbers, despite the [7]extensive sanctions and restrictions placed on it following Russia's invasion of Ukraine in 2022.
Pre-war, the airline ran regular routes to global travel hubs including New York, Los Angeles, Miami, Washington DC, London, Frankfurt, Paris, Rome, and more.
However after Russia-controlled airlines were banned from large swathes of Western airspace, these routes have remained suspended, significantly harming the company's finances to the extent that the Kremlin had to step in with economic support.
[8]UK to ban ransomware payments by public sector organizations
[9]UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies
[10]Ukrainian hackers claim to have destroyed major Russian drone maker's entire network
[11]Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine
Aeroflot had to switch its business to focus on increasing domestic flights and those to countries with which Russia has close ties. Despite rising fuel costs and severe limitations on access to spare parts, it returned to profit in 2024.
The airline carried up to 37.2 million passengers annually before the war, per 2019 figures, but this dropped to just 20.5 million in 2022. As of 2024, numbers are back up to 30.1 million, which still represents a 19 percent decrease on pre-war traffic.
Hacktivists crow about attack
The Silent Crow and Cyberpartisans BY (Belarus) [12]hacktivist groups claimed responsibility for today's disruption, which they said follows a year-long compromise of the airline's systems.
Via Telegram, they claimed to have compromised "all critical corporate systems," including Aeroflot's [13]SharePoint and Microsoft Exchange, those used for personnel surveillance, and more.
[14]
Silent Crow publishes screenshot it claims it took while inside Aeroflot's systems – click to enlarge
The pair also claimed to have destroyed 7,000 servers and stolen 22 TB worth of data from databases, Windows Share, and corporate email, though these claims are unverified and may be exaggerated.
Their joint message took aim at Russia's government and intelligence agencies, concluding: "Glory to Ukraine! Long live Belarus!" ®
Get our [15]Tech Resources
[1] https://t.me/aeroflot_official/2972
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/07/02/aeza_group_us_sanctions/
[8] https://www.theregister.com/2025/07/22/uk_to_ban_ransomware_payments/
[9] https://www.theregister.com/2025/07/20/uk_microsoft_snooping_russia/
[10] https://www.theregister.com/2025/07/16/ukrainian_drone_attack/
[11] https://www.theregister.com/2025/07/16/russian_hacktivist_bust/
[12] https://www.theregister.com/2025/04/13/hacktivism_is_having_a_resurgence/
[13] https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak/
[14] https://regmedia.co.uk/2025/07/28/silent_crow_aeroflot_hack.jpg
[15] https://whitepapers.theregister.com/
Several flights departing from and arriving at Moscow's Sheremetyevo Airport were either delayed or canceled entirely, with passengers told to pay attention to announcements made at affected airports.
Aeroflot [1]said via its Telegram channel: "There was a failure in the airline's information systems. Service interruptions are possible.
[2]
"In this regard, a forced adjustment to the flight schedule is expected, including by postponing and canceling. We ask passengers to monitor the information on the online boards of airport websites throughout the airline's route network, airport information boards, and announcements over the airport's loudspeaker.
[3]
[4]
"Currently, a team of specialists is working to minimize the risks of fulfilling the production flight plan and quickly restoring the normal operation of services.
"The airline apologizes for the inconvenience caused."
[5]
A total of 42 flights were canceled at first, with a further seven announced hours after, while additional trips were delayed by varying times from 25 minutes up to, in some cases, nearly three hours.
Passengers scheduled to travel on the canceled flights were told to retrieve their checked luggage from baggage claim and leave the airport to prevent overcrowding.
Affected travelers have the option of claiming a refund on their tickets or rebooking their flight within the next ten days.
[6]
However, Aeroflot said airport ticket offices "are temporarily not processing refunds or rebooking tickets," without explaining why.
These services will become available once more after the airline's services are up and running again, it added.
"At the moment, Sheremetyevo Airport is reissuing tickets only for special categories of passengers: passengers and groups with children, unaccompanied children, passengers with disabilities, SVO participants, and passengers traveling by transfer."
Aeroflot still ranks among the world's top 20 airlines by passenger numbers, despite the [7]extensive sanctions and restrictions placed on it following Russia's invasion of Ukraine in 2022.
Pre-war, the airline ran regular routes to global travel hubs including New York, Los Angeles, Miami, Washington DC, London, Frankfurt, Paris, Rome, and more.
However after Russia-controlled airlines were banned from large swathes of Western airspace, these routes have remained suspended, significantly harming the company's finances to the extent that the Kremlin had to step in with economic support.
[8]UK to ban ransomware payments by public sector organizations
[9]UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies
[10]Ukrainian hackers claim to have destroyed major Russian drone maker's entire network
[11]Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine
Aeroflot had to switch its business to focus on increasing domestic flights and those to countries with which Russia has close ties. Despite rising fuel costs and severe limitations on access to spare parts, it returned to profit in 2024.
The airline carried up to 37.2 million passengers annually before the war, per 2019 figures, but this dropped to just 20.5 million in 2022. As of 2024, numbers are back up to 30.1 million, which still represents a 19 percent decrease on pre-war traffic.
Hacktivists crow about attack
The Silent Crow and Cyberpartisans BY (Belarus) [12]hacktivist groups claimed responsibility for today's disruption, which they said follows a year-long compromise of the airline's systems.
Via Telegram, they claimed to have compromised "all critical corporate systems," including Aeroflot's [13]SharePoint and Microsoft Exchange, those used for personnel surveillance, and more.
[14]
Silent Crow publishes screenshot it claims it took while inside Aeroflot's systems – click to enlarge
The pair also claimed to have destroyed 7,000 servers and stolen 22 TB worth of data from databases, Windows Share, and corporate email, though these claims are unverified and may be exaggerated.
Their joint message took aim at Russia's government and intelligence agencies, concluding: "Glory to Ukraine! Long live Belarus!" ®
Get our [15]Tech Resources
[1] https://t.me/aeroflot_official/2972
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIeemtVLpITvPuNhV1AKLAAAAEQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/07/02/aeza_group_us_sanctions/
[8] https://www.theregister.com/2025/07/22/uk_to_ban_ransomware_payments/
[9] https://www.theregister.com/2025/07/20/uk_microsoft_snooping_russia/
[10] https://www.theregister.com/2025/07/16/ukrainian_drone_attack/
[11] https://www.theregister.com/2025/07/16/russian_hacktivist_bust/
[12] https://www.theregister.com/2025/04/13/hacktivism_is_having_a_resurgence/
[13] https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak/
[14] https://regmedia.co.uk/2025/07/28/silent_crow_aeroflot_hack.jpg
[15] https://whitepapers.theregister.com/
.. and there is that other problem.
Anonymous Coward
.. people keep falling out of windows.
Now is that a bit harder in midflight, and due to the imposed restrictions on Russia they're banned from using Boeing's innovation of losing doors midflight, so it all gets much more complicated.
:)
Re: .. and there is that other problem.
Paul Herber
" .. people keep falling out of windows."
That's what communist governments are for, to give you a helping hand when you need it. And Putin and his henchmen think it a good idea as well.
Re: .. and there is that other problem.
LBJsPNS
Putin is hardly Communist.
Re: .. and there is that other problem.
Doctor Syntax
It's arguable that previous dictators were also commuist. Idealistic egalitarian philosphy does tend to get in the way of personal aggrandisment.
Re: .. and there is that other problem.
Paul Herber
Yes, that's why I said he thought it a good idea as well!
Activate Windows
julian_n
So those damn Ruskies are using hookie copies of Windows depriving Uncle Sam's finest of much needed revenues. Shame.
beardman
ruzzia should be a no fly zone until they leave Ukraine.
Anonymous Coward
I think it mostly is with western arilines. My wife went to china a few times and they use to fly through this area, now they navigate between this war and the other one in Isreal adding another 2 hours on to the flight time which was already around 11 hours without this. The two planes (one in 2014) that got shot down by their missles was also another reason why. i think they also said there's no guarantees with UK/US etc planes flying over this region
"Russia's largest airline"
Pascal Monett
Wait, Russia has more than one airline ?
What a shame.