The Russian airline Aeroflot was forced to cancel dozens of flights on Monday after a shadowy pro-Ukraine hacking group claimed responsibility for what it said was a crippling cyber-attack.
The national carrier did not provide further details about the cause of the problem or how long it would take to resolve, but departure boards at Moscow’s Sheremetyevo airport turned red as flights were cancelled at a time when many Russians take their holidays.
The Kremlin said the situation was worrying, and prosecutors confirmed the airline’s problems were the result of a hack and opened a criminal investigation.
A statement purporting to be from a hacking group called Silent Crow said it had carried out the operation with a Belarusian group called Cyber Partisans, and linked it to the war in Ukraine.
“Glory to Ukraine! Long live Belarus!” said the statement, whose authenticity Reuters could not immediately verify.
Silent Crow has previously claimed responsibility for attacks this year on a Russian real estate database, a state telecoms company, a large insurer, the Moscow government’s IT department and the Russian office of the South Korean carmaker Kia. Some of these resulted in big data leaks.
“The information that we are reading in the public domain is quite alarming. The hacker threat is a threat that remains for all large companies providing services to the population,” the Kremlin spokesperson, Dmitry Peskov, said.
“We will, of course, clarify the information and wait for appropriate clarifications.”
Aeroflot, the transport ministry and the aviation regulator did not immediately respond to requests for comment on the hacking claim.
The airline said it had cancelled more than 50 flights – mostly within Russia but also including routes to the Belarusian capital, Minsk, and the Armenian capital, Yerevan – after reporting a failure in its information systems. At least 10 other flights were delayed.
“Specialists are currently working to minimise the impact on the flight schedule and to restore normal service operations,” it said.
The statement in the name of Silent Crow said the cyber-attack was the result of a year-long operation that had deeply penetrated Aeroflot’s network, destroyed 7,000 servers and gained control over the personal computers of employers including senior managers. It did not provide evidence.
It threatened to shortly start releasing “the personal data of all Russians who have ever flown Aeroflot”.
after newsletter promotion
Since Russia launched its war in Ukraine in February 2022, travellers in Russia have become accustomed to flight disruptions. However, those delays have usually been caused by temporary airport closures during drone attacks.
Irate passengers vented their anger on the social network VK, complaining of a lack of clear information from the airline.
Malena Ashi wrote: “I’ve been sitting at the Volgograd airport since 3:30!!!!! The flight has been rescheduled for the third time!!!!!! This time it was rescheduled for approximately 14:50, and it was supposed to depart at 5:00!!!”
Another traveller, Yulia Pakhota, posted: “The call centre is unavailable, the website is unavailable, the app is unavailable.
How can I return a ticket or exchange it for the next flight, as Aeroflot suggests?”
Aeroflot said affected passengers could get a refund or rebook within 10 days.
Despite western sanctions imposed on Russia that have drastically limited travel and routes, Aeroflot remains among the top 20 airlines worldwide by passenger numbers, which last year hit 55.3 million people, according to its website.