In one of the most disruptive cyber offensives against Russian infrastructure this year, pro-Ukrainian and Belarusian-aligned hackers claim to have executed a major cyberattack on Russia’s flagship airline, Aeroflot, grounding flights, stealing sensitive data, and publishing the travel history of its top executive.
A Coordinated Strike
The attack, which occurred on July 28, 2025, was reportedly orchestrated by the Ukrainian-aligned group IT Army of Ukraine, along with the Belarusian Cyber Partisans. According to a Reuters report, the hackers claimed responsibility for breaching Aeroflot’s systems, deleting petabytes of data, and wiping critical backups, which paralyzed internal operations.
The impact was immediate and wide-ranging. Aeroflot was forced to cancel over 100 flights, stranding passengers and causing significant delays across its domestic and international network. The Thai Computer Emergency Response Team (ThaiCERT) corroborated the incident, stating that the cyberattack resulted in a “significant disruption” that targeted check-in systems, booking services, and flight operations (ThaiCERT).
Message Behind the Mayhem
The hackers made it clear this was not a random act. In a statement shared on Telegram and later confirmed by various outlets, the IT Army declared the attack a “retaliatory measure” in response to Russia’s continued aggression in Ukraine. The Cyber Partisans emphasized that Russian entities complicit in supporting the war were valid targets.
A spokesperson for the group told the BBC, “We aim to expose not just the infrastructure but the people behind the war machine” (BBC News).
CEO’s Secrets Revealed
In a bold post-attack move, the hackers claimed to have accessed and published the personal flight history of Aeroflot CEO Sergey Alexandrovsky, covering dozens of domestic and international trips over the past two years. According to The Moscow Times, the leaked logs included frequent travel to government hubs, fueling speculation about the executive’s proximity to Kremlin activities (The Moscow Times).
While Aeroflot has yet to issue a detailed technical statement, anonymous sources inside the airline confirmed that data centers were compromised and restoration efforts were still ongoing days after the breach.
Civilian Fallout: War Closer to Home
The effects of the attack were deeply felt by ordinary Russian citizens, many of whom found themselves stranded at airports or forced to cancel long-planned vacations. With over 100 flights canceled and more delayed, the timing of the attack—at the height of Russia’s summer holiday season—meant thousands saw their leisure plans unravel in real-time.
According to ThaiCERT, passengers reported being stuck without clear communication from Aeroflot, unable to rebook or receive refunds promptly. Social media platforms filled with frustrated posts from families whose holidays were cut short or entirely ruined. Domestic travel was hit especially hard, with major routes such as Moscow to Sochi and St. Petersburg experiencing massive backlogs.
Beyond the logistical disruption, the incident carried a deeper psychological weight. As noted by the BBC, some Russian citizens interpreted the cyberattack as a reminder that the war in Ukraine is no longer just a distant conflict—it’s now capable of reaching into their personal lives. The disruption of such a prominent and symbolic company as Aeroflot turned what many considered a foreign war into an everyday reality.
As one affected traveler posted on VKontakte:
“We were just trying to take our kids to the seaside. Now we’re standing in an airport café since morning. No info. Just chaos. First time I really felt this war.”
Broader Implications
This cyberattack represents a growing trend of hybrid warfare, where digital tools are weaponized for both tactical and psychological impact. It underscores the vulnerability of even the most fortified national companies to non-state actors leveraging cyber capabilities.
The campaign also adds to the mounting list of Ukrainian-aligned cyber offensives targeting Russian infrastructure since the beginning of the full-scale invasion in 2022. In the past, these groups have hit railway networks, government servers, and now, one of Russia’s most recognizable commercial brands.
