Aeroflot Under Siege: The Growing Threat of Cyber Attacks on Global Airlines

Pro-Ukrainian Hackers Devastate Russia's Flagship Airline in Year-Long Operation
The aviation industry faced another stark reminder of its vulnerability to cyber threats this week when Russia's flag carrier Aeroflot was forced to cancel dozens of flights on Monday after a pro-Ukrainian hacker group claimed responsibility for a cyberattack on the airline's systems. The attack, orchestrated by the hacker collective Silent Crow in collaboration with the Belarusian group Cyber Partisans BY, represents one of the most devastating cyber assaults on a major international airline in recent memory.
According to the hackers, they had been inside Russia's largest airline's corporate network for a year. As a result, they managed to extract the complete flight history database, compromise critical corporate systems and gain control over employee computers, including those of the company's top management. The scope of the breach was staggering: Silent Crow stated that around 7,000 servers – both physical and virtual – were destroyed. The data obtained includes 12 TB of databases, 8 TB of files from Windows Share, and 2 TB of corporate emails.
The Human Cost of Digital Warfare
The immediate impact was felt by thousands of travelers. Aeroflot, along with its affiliated airlines Rossiya and Pobeda, cancelled over 100 flights, leaving passengers stranded at airports across Russia. Departure boards at Moscow's Sheremetyevo Airport turned red as flights were cancelled at a time when many Russians take their holidays.
The hackers made their political motivations clear: Silent Crow said the attack was directly linked to Russia's ongoing full-scale invasion of Ukraine. "Glory to Ukraine! Long live Belarus!" the group said in a statement. This attack represents a significant escalation in the digital warfare accompanying the physical conflict, demonstrating how cyber operations can directly impact civilian infrastructure and daily life.
The Shadowy World of Silent Crow
Silent Crow has not officially disclosed its origins, and no government agency has yet identified their exact location. The group currently presents itself as pro-Ukrainian hacktivists operating against Russia and its allies. What makes them particularly noteworthy is their operational approach: they do not demand ransoms, they act publicly and release the stolen data openly. Their actions aim to exert deliberate information pressure rather than achieve financial gain.
This latest attack marks Silent Crow's third high-profile attack on Russian institutions in 2025. Silent Crow has claimed responsibility for several hacking attacks in the past, including one targeting Russia's state cadastre and cartography agency in January. On 21 January, Silent Crow carried out another attack, this time targeting Russian telecom giant Rostelecom. The hackers extracted 154,000 email addresses and 101,000 phone numbers of Russian users.
The collaboration with Cyber Partisans BY adds another dimension to the operation. Cyber Partisans is a decentralized, anonymous Belarusian hacktivist collective that emerged in September 2020 and is known for its various cyber attacks against the authoritarian Belarusian government. The group has a remarkable track record: it launched the first attack on Belarusian Railways' systems in late January 2022, in the days immediately before the invasion, slowing the movement of Russian troops before they had crossed the border.
A Global Pattern: Aviation Industry Under Siege
The Aeroflot attack is not an isolated incident but part of a broader surge in cyber threats targeting the global aviation sector. In North America, a different but equally concerning pattern has emerged with the activities of the Scattered Spider hacking group.
Scattered Spider's Aviation Campaign
A notorious cybercriminal group has shifted its attention to the aviation industry, successfully breaching the computer networks of multiple airlines in the United States and Canada this month, according to the FBI and private experts responding to the hacks. The hacking hasn't affected airline safety, but it has top cyber executives at major airlines across the United States on alert because of the hacking suspects: a network of young cybercriminals called "Scattered Spider" who are known for their aggressive efforts to extort or embarrass their victims.
The group's methodology differs significantly from Silent Crow's approach. These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA).
Multiple airlines have fallen victim to these attacks. WestJet and Hawaiian Airlines both said in June statements that they are responding to cyberattacks, while Australian flag carrier Qantas said that it experienced a cyberattack that breached a third-party customer service platform.
A Pattern of Sectoral Focus
What makes Scattered Spider particularly dangerous is their systematic approach. The hackers tend to pick one sector to target for weeks on end. Earlier this month, they were the suspects in a hack of insurance giant Aflac that potentially stole Social Security numbers, insurance claims and health information. Before that, it was the retail sector.
The Broader Threat Landscape
The aviation industry's vulnerability extends far beyond these high-profile cases. According to ICAO, the first half of 2023 saw a 24% surge in aviation cyber attacks worldwide. In addition, the rate of unique malware attacks increased by 50% between October 2022 and January 2023.
Recent incidents demonstrate the diverse nature of threats facing the sector:
- On February 12, 2024, Los Angeles International Airport (LAX) fell victim to a disruptive DDoS attack conducted by the Dark Storm Team
- On February 16, 2024, a hacking group known as SilitNetwork launched a cyberattack against RwandAir Ltd, the national flag carrier of Rwanda
- On February 28, 2024, Saudia Technic, the maintenance, repair, and overhaul (MRO) division of Saudi Arabian Airlines, became the target of a severe cyberattack staged by the notorious 8BASE ransomware gang
The financial implications are staggering. In 2023, the cost of cyber data breaches averaged around US$4.45 million. This doesn't include reputational damage. The recent CrowdStrike incident, while not malicious, demonstrated the sector's vulnerability: Delta Air Lines announced that the incident and subsequent interruption to business, such as flight cancellations, led to losses of around US$550 million.
Why Aviation Is a Prime Target
The aviation industry presents an attractive target for cybercriminals and state-sponsored actors for several reasons:
- High-Value Data: Airlines collect vast amounts of personal and financial information from passengers, making them lucrative targets for data theft.
- Critical Infrastructure: Aviation is essential to global commerce and mobility, making disruptions highly visible and impactful.
- Complex Supply Chains: Aviation-specific software and IT vendors score the lowest, with a mean score of 83, posing substantial third-party risks for their airline customers.
- Operational Dependencies: Modern aviation relies heavily on interconnected digital systems, creating multiple points of vulnerability.
Geopolitical Dimensions
The Silent Crow and Cyber Partisans attack on Aeroflot illustrates how cyber warfare has become an extension of geopolitical conflicts. The Cyber Partisans have carried out several high-profile cyber-attacks aimed at undermining the Lukashenka regime and its support for Russia's war in Ukraine. Notable operations include the 2022 hack of Belarusian Railways to disrupt Russian troop movements, a major data breach exposing KGB informants, and the sabotage of a Russian A-50 surveillance aircraft at Machulishchy air base.
This represents a new form of asymmetric warfare where small groups of skilled hackers can inflict significant economic and operational damage on state institutions and their allies. According to the group's estimates, restoring the systems could cost tens of millions of dollars, and the damage is considered strategically significant for the company.

Industry Response and Future Outlook
The aviation industry is scrambling to adapt to these evolving threats. The U.S. Transportation Security Administration introduced new mandates in March 2023, and the E.U.'s Implementing Regulation 2023/203 will take effect in 2026, setting a new standard for aviation information security risk management.
However, significant challenges remain. 50% of cybersecurity incidents are caused by insiders, though most are carried out accidentally. In addition, 53% of users do not change passwords regularly or recycle the same password across different accounts, and an alarming 57% of users write passwords on sticky notes for all to see.
Conclusion
The simultaneous emergence of politically motivated hacktivists like Silent Crow and Cyber Partisans BY, alongside financially driven criminal groups like Scattered Spider, represents a perfect storm for the aviation industry. As the Aeroflot incident demonstrates, these attacks can cause real-world disruption affecting thousands of passengers while serving broader political or criminal objectives.
The industry must recognize that cybersecurity is no longer just an IT issue but a fundamental business and safety concern. With cyber-attacks having risen by 131% between 2022 and 2023 across the aviation industry, the need for comprehensive, sector-wide security improvements has never been more urgent.
As aviation continues to digitize and interconnect, the sector must evolve its security posture to match the sophistication and determination of its adversaries. The alternative—as passengers stranded in Moscow's airports this week can attest—is an industry increasingly vulnerable to disruption in an interconnected world where the skies are no longer the limit for cyber warfare.