Russia’s Aeroflot was forced to cancel dozens of flights on Monday after a crippling cyberattack claimed by a shadowy pro-Ukrainian hacking group.
The incident, which one lawmaker called a “wake-up call” for Moscow, prompted the Kremlin to express concern and prosecutors to launch a criminal investigation.
Senior lawmaker Anton Gorelkin said Russia was under “digital attack,” adding: “We must not forget that the war against our country is being waged on all fronts, including the digital one.
“And I do not rule out that the ‘hacktivists’ who claimed responsibility for the incident are in the service of unfriendly states.”
Departure boards at Moscow’s Sheremetyevo Airport turned red as flights were cancelled during a peak holiday period.
A statement from a hacking group called Silent Crow, purporting to have acted with Belarusian group Cyberpartisans BY, linked the operation to the war in Ukraine.
Aeroflot has not indicated how long the problems will take to resolve.
“Glory to Ukraine! Long live Belarus!” said the statement, whose authenticity Reuters could not immediately verify.
There was no immediate comment from Ukraine.
Silent Crow has previously claimed responsibility for attacks this year on a Russian real estate database, a state telecoms company, a large insurance firm, the Moscow government’s IT department and the Russian office of South Korean carmaker KIA. Some of those resulted in big data leaks.
“The information that we are reading in the public domain is quite alarming. The hacker threat is a threat that remains for all large companies providing services to the population,” Kremlin spokesman Dmitry Peskov said.
Aeroflot, the transport ministry and the aviation regulator did not immediately respond to requests for comment on the hack.
The airline said it had cancelled more than 40 flights – mostly within Russia but also including routes to the Belarusian capital Minsk and the Armenian capital Yerevan – after reporting a failure in its information systems. At least 10 other flights were delayed.
“Specialists are currently working to minimise the impact on the flight schedule and to restore normal service operations,” it said.
The statement in the name of Silent Crow said the cyberattack was the result of a year-long operation which had deeply penetrated Aeroflot’s network, destroyed 7,000 servers and gained control over the personal computers of employees, including senior managers.
It published screenshots of file directories purportedly from inside Aeroflot’s network and threatened to shortly start releasing “the personal data of all Russians who have ever flown Aeroflot”.
Angry passengers
Since Russia launched its war in Ukraine in February 2022, travellers in Russia have become accustomed to flight disruptions. However, those delays have usually been caused by temporary airport closures during drone attacks.
Irate passengers vented their anger on social network VK, complaining about a lack of clear information from the airline.
Malena Ashi wrote: “I’ve been sitting at Volgograd airport since 3:30!!!!! The flight has been rescheduled for the third time!!!!!! This time it was rescheduled for approximately 14:50, and it was supposed to depart at 5:00!!!”
Another woman, Yulia Pakhota, posted: “The call centre is unavailable, the website is unavailable, the app is unavailable.
How can I return a ticket or exchange it for the next flight, as Aeroflot suggests?”
Aeroflot said affected passengers could get a refund or rebook as soon as its systems were up and running and that it was trying to get some affected passengers seats on other airlines.
Despite Western sanctions on Russia that have drastically limited travel and routes, Aeroflot remains among the top 20 airlines worldwide by passenger numbers, which last year hit 55.3 million people, according to its website.
