Russia’s flagship carrier, Aeroflot, faced a major operational crisis on Monday as a widespread IT systems failure brought significant portions of its network to a standstill. The disruption, which began in the early hours of the morning, impacted flight scheduling, online booking, mobile check-in, baggage processing, and internal communication systems, leaving thousands of passengers stranded at airports across the country and abroad.
The airline confirmed the failure in a brief public statement, acknowledging a “technical incident” that affected key services. However, the situation quickly escalated when a hacker group calling itself BlackStorm claimed responsibility for the outage. The group, which has previously been associated with politically motivated cyber operations, posted a message on a dark web forum stating that the attack was in retaliation for Russia’s continued military presence in Ukraine.
“We targeted Aeroflot to send a clear message to the Kremlin,” the post read. “This is just the beginning. Your systems are not as secure as you think.” The hackers also shared what appeared to be screenshots of internal Aeroflot software, as well as partial employee records and customer information, allegedly extracted from the airline’s servers.
While the authenticity of the hackers’ claims has not yet been independently verified, the Russian Ministry of Digital Development released a statement confirming that a “serious cyber incident” had occurred and was currently under investigation. Authorities stopped short of naming any suspects but said that federal cybersecurity units and law enforcement agencies were working closely with Aeroflot to assess the scope and impact of the breach.
Inside Sheremetyevo International Airport, Aeroflot’s main hub, scenes of confusion and frustration unfolded throughout the day. Passengers reported hours-long lines, delayed or missing flight updates, and staff forced to manually process boarding passes and luggage. Many domestic flights were grounded altogether, while several international departures were either cancelled or significantly delayed. Travelers took to social media to express their anger, with many describing a lack of clear communication from the airline.
Aeroflot issued an updated statement in the afternoon, saying, “Our technical teams are working around the clock to restore full system functionality. While certain services are beginning to come back online, disruptions may continue in the coming days. The safety of our passengers remains our highest priority.”
Cybersecurity experts say the nature and timing of the incident indicate a targeted and well-coordinated attack. Ivan Krutov, an independent cybersecurity analyst based in Moscow, noted that if BlackStorm’s claims are confirmed, the breach would represent one of the most serious digital attacks on Russian transportation infrastructure in recent memory.
“Targeting Aeroflot has a dual effect,” Krutov explained. “It paralyzes a crucial part of the national transport system while also striking at a symbol of Russian state power. This attack is not just about data—it is about visibility, disruption, and international messaging.”
He also warned that the consequences could be far-reaching. “If sensitive passenger data or internal communications have been compromised, this could open the door to further attacks or leaks that might impact national security or diplomatic relations.”
As of Monday evening, partial system functionality had been restored, and Aeroflot stated that most scheduled flights for Tuesday were expected to operate with delays. However, IT specialists cautioned that the recovery process would likely take several days, given the complexity of the airline’s digital infrastructure and the need to perform comprehensive security audits before returning to normal operations.
International reactions to the incident are beginning to surface, with several European aviation authorities expressing concern about possible ripple effects across air traffic systems. A spokesperson for the European Union Aviation Safety Agency (EASA) said it is “closely monitoring the situation and coordinating with member states to ensure passenger safety and flight integrity.”
This incident adds to a growing list of high-profile cyberattacks that have targeted critical infrastructure worldwide. Over the past two years, airports, power grids, and government networks in various countries have suffered from increasingly sophisticated attacks, often linked to geopolitical tensions.
As investigations continue, Russian officials are expected to issue further updates in the coming days. For now, passengers are being urged to check directly with Aeroflot representatives at airports or follow official channels for real-time information regarding flight schedules and service availability.
The attack on Aeroflot serves as a stark reminder of the vulnerabilities facing even the most established national institutions in the digital age, where conflicts are no longer confined to battlefields but fought across networks and data systems that underpin everyday life.
source: reuters.com
Leave a Reply