Russia's Aeroflot cancels flights after pro-Ukrainian hackers claim cyberattack

Russian national flag carrier Aeroflot was forced to cancel dozens of flights on Monday after a crippling cyberattack claimed by a pro-Ukrainian hacking group, which one lawmaker called a wake-up call for Moscow.

The Kremlin said the situation was worrying and prosecutors confirmed the disruption was the result of a hack and opened a criminal investigation. Senior lawmaker Anton Gorelkin said that Russia was under digital attack.

"We must not forget that the war against our country is being waged on all fronts, including the digital one. And I do not rule out that the ‘hacktivists’ who claimed responsibility for the incident are in the service of unfriendly states," Gorelkin said in a statement.

Aeroflot did not say how long the problems would take to resolve, but departure boards at Moscow's Sheremetyevo Airport turned red as flights were cancelled at a time when many Russians take their holidays.

A statement purporting to be from a hacking group called Silent Crow said it had carried out the operation together with a Belarusian group called Cyberpartisans BY, and linked it to the war in Ukraine.

There was no immediate comment from Ukraine.

Silent Crow has previously claimed responsibility for attacks this year on a Russian real estate database, a state telecoms company, a large insurance firm, the Moscow government's IT department and the Russian office of South Korean carmaker KIA. Some of those resulted in big data leaks.

"The information that we are reading in the public domain is quite alarming. The hacker threat is a threat that remains for all large companies providing services to the population," Kremlin spokesman Dmitry Peskov said.

Aeroflot, the transport ministry and the aviation regulator did not immediately respond to requests for comment on the hack.

The airline said it had cancelled more than 40 flights - mostly within Russia but also including routes to the Belarusian capital Minsk and the Armenian capital Yerevan - after reporting a failure in its information systems. At least 10 other flights were delayed.

"Specialists are currently working to minimise the impact on the flight schedule and to restore normal service operations," it said.

The statement in the name of Silent Crow said the cyberattack was the result of a year-long operation which had deeply penetrated Aeroflot's network, destroyed 7,000 servers and gained control over the personal computers of employees, including senior managers.

It published screenshots of file directories purportedly from inside Aeroflot's network and threatened to shortly start releasing "the personal data of all Russians who have ever flown Aeroflot".