A new chapter has emerged in the cyberattack that disrupted Russia’s flagship carrier, Aeroflot, after hackers released what they claim is sensitive company data while Russian authorities continue to deny that any verified data breach has occurred. The incident has intensified concerns about cybersecurity vulnerabilities affecting critical transportation infrastructure.
Data Leak Claims Follow Major Cyberattack
The controversy stems from a large-scale cyberattack that struck Aeroflot in late July 2025, forcing the airline to cancel dozens of flights and causing significant disruptions across Russia’s air travel network. Russian prosecutors confirmed that a hacker attack caused failures within Aeroflot’s information systems and opened a criminal investigation into the incident.
Following the attack, the Belarusian hacker group Cyber Partisans and the pro-Ukrainian group Silent Crow claimed responsibility, alleging they had maintained access to Aeroflot’s systems for more than a year before launching the operation.
Russia Denies Confirmed Data Breach
Despite the hackers’ claims, Russia’s communications regulator, Roskomnadzor, stated that it had no confirmation that customer or corporate data had been leaked from Aeroflot. Officials said information regarding a possible breach remained unverified.
However, shortly after those statements, Cyber Partisans released what they described as flight records belonging to Aeroflot CEO Sergei Alexandrovsky. The data allegedly included information covering more than 30 flights between 2024 and 2025.
Independent media outlets reported that some details contained in the leaked records appeared to match information previously associated with the executive, although the authenticity of the entire dataset has not been independently verified.
Hackers Threaten Additional Releases
Cyber Partisans have indicated that further disclosures may follow. The group claims to possess:
- Flight history databases
- Internal communications
- Employee monitoring records
- Corporate documents
- Surveillance-related data
The hackers also alleged that they compromised thousands of servers and gained extensive access to Aeroflot’s internal network. These claims remain unverified by independent investigators.
One of Russia’s Most Significant Cyber Incidents
Cybersecurity experts have described the Aeroflot attack as one of the most disruptive cyber incidents to affect Russia since the start of the war in Ukraine.
The attack reportedly caused:
- More than 100 flight cancellations
- Delays across domestic and international routes
- Disruptions at Moscow’s Sheremetyevo Airport
- Travel complications for tens of thousands of passengers
Aeroflot later stated that operations had largely returned to normal, although analysts warned that restoring systems and assessing potential data loss could take significantly longer.
Questions About Cybersecurity Practices
The hackers attributed their success to weak security controls, outdated systems, and poor password management within Aeroflot’s infrastructure. While those allegations have not been independently verified, subsequent reports suggested investigators were examining whether third-party vendors and insufficient security measures may have contributed to the breach.
Industry observers note that airlines have become increasingly attractive targets for cybercriminals because they manage large volumes of personal data, payment information, travel records, and operational systems.
Cyber Warfare Beyond the Battlefield
The Aeroflot incident also reflects the growing role of cyber warfare in modern geopolitical conflicts. Since 2022, Russian government agencies, transportation networks, financial institutions, and major corporations have experienced repeated cyberattacks linked to hacktivist groups and state-aligned actors.
Whether the leaked Aeroflot data proves authentic or not, the episode highlights the growing challenge organizations face in defending critical infrastructure against increasingly sophisticated cyber threats.
For now, Russian authorities continue to deny that a confirmed data breach has occurred, while the hackers insist that additional information will be released in the coming weeks.
