Aeroflot Grounded by Cyberattack: Flights Cancelled, Data Breached, and Global Concerns on the Rise
Aeroflot, Russia's flagship carrier and one of the largest airlines in the country, has fallen victim to a significant cyberattack, leading to the cancellation of approximately 50 pairs of flights. This incident has not only disrupted the travel plans of countless passengers but has also highlighted the growing vulnerability of critical infrastructure to cyber threats, sending ripples through the aviation industry, society, and political spheres.
28 July 2025
Reports indicate that Aeroflot's information systems were compromised by hackers, with two hacker groups claiming responsibility. These groups assert they had infiltrated the airline's corporate network for over a year, destroying about 7,000 physical and virtual servers and taking control of personal computers, including those of management staff. The attack resulted in the copying of vast amounts of data, further complicating the situation.
For the aviation industry, this cyberattack underscores an urgent need for enhanced cybersecurity measures. As airlines and aviation authorities increasingly rely on digital systems for operations, the susceptibility of these systems to cyber threats poses a significant risk. This incident, reminiscent of the 2015 LOT Polish Airlines hack, reinforces the necessity for comprehensive vulnerability assessments and robust incident response plans. The reliance on third-party software and systems, as highlighted in the CrowdStrike incident, presents a considerable supply chain cybersecurity risk, further emphasizing the need for vigilant cybersecurity practices.
Societally, the impact of such attacks extends beyond mere inconvenience, affecting tourism, business, and personal lives. The economic repercussions are substantial, impacting not only the airline but also airports, hotels, and related services. Moreover, events like these can erode public trust in the security and reliability of air travel, raising concerns over the potential for malicious actors to exploit these vulnerabilities.
Politically, a cyberattack on a national airline can be perceived as an act of aggression, potentially escalating tensions and impacting international relations. This incident could lead to calls for stronger international cooperation on cybersecurity, the development of common standards and protocols, and possibly retaliatory measures. It also raises questions about national security, as disruptions in air travel can affect military readiness and strategic transportation.
Aeroflot is working diligently to restore its systems and is offering refunds or rescheduling services to affected passengers. The Moscow Prosecutor's Office has launched an investigation into the attack. As the story unfolds, it serves as a stark reminder of the potent and far-reaching consequences of cyber warfare, necessitating a multi-faceted approach to security that encompasses technological, regulatory, and diplomatic strategies.