Russian airline Aeroflot has reportedly suffered a major cyberattack that crippled its internal IT infrastructure, according to a joint statement from hacker groups Silent Crow and Cyber Partisans BY released on July 28. The groups claim responsibility for what they described as a "prolonged and large-scale operation."
According to a report by Kommersant, Silent Crow stated it had maintained access to Aeroflot’s internal corporate network for over a year. The hackers claim the attack disabled approximately 7,000 servers—both physical and virtual—and compromised critical company systems.
The intruders allege they accessed flight history databases, breached all key corporate systems, took control of employee computers (including those of top executives), and copied data from surveillance and monitoring servers. They estimate the volume of stolen data at 12 terabytes.
In a statement posted to Telegram, Silent Crow said that the company’s resources were either destroyed or rendered inaccessible, warning that full recovery could cost tens of millions of dollars. They described the damage as "strategic" in scale.
Aeroflot acknowledged an IT system failure on the morning of July 28 but did not specify the cause or timeline for resolving the disruption. As a result, the airline canceled 42 flights at Moscow’s Sheremetyevo Airport, where long lines of stranded passengers formed. The Moscow Prosecutor’s Office has launched an investigation into the incident.
The recent cyberattack on Russian airline Aeroflot has drawn international attention not only for its scale, but also for the groups behind it — Silent Crow and Cyber Partisans BY — both of whom have a record of targeting state-linked entities.
Cyber Partisans BY is a Belarusian hacktivist group formed in September 2020 in response to mass protests against President Alexander Lukashenko's regime. Known for its political motivations, the group made headlines in early 2022 after hacking and disabling the servers of the Belarusian Railways, demanding the release of 50 political prisoners.
The group has also published personal data of law enforcement and government officials it deemed responsible for human rights violations during the 2020 protests. In November 2022, it claimed responsibility for an attack on Russia’s Main Radio Frequency Center, a body under the supervision of Roskomnadzor. That operation resulted in encrypted servers, damaged infrastructure, and the leak of 2 terabytes of internal documents. In 2023, the group said it hacked Belarus’ state-run news agency BelTA.
Silent Crow, a lesser-known but increasingly prominent group, emerged publicly in January 2025, claiming it had breached the Russian state property registry (Rosreestr), accessing over 1 terabyte of personal data involving 2 billion records.
That same month, Silent Crow took responsibility for a breach linked to Russian telecom giant Rostelecom, through one of its contractors. Leaked databases reportedly included 154,000 email addresses and 101,000 phone numbers.
In February, Silent Crow published a fragment of a database allegedly belonging to Moscow’s Department of Information Technologies. The leak contained 1 million records, including full names, phone numbers (684,000 unique), email addresses (363,000), birthdates, passport details, and residential addresses. The group also claimed attacks on Kia Russia & CIS, AlfaStrakhovanie-Life, and the Alfa Bank Client Club.
Together, Silent Crow and Cyber Partisans BY represent a new wave of politically motivated and strategically targeted cyberattacks, raising alarms about the vulnerability of key state-linked infrastructure in Russia and Belarus.
