The cyberattack on Aeroflot grounded flights: more than 100 were cancelled or delayed, affecting roughly 20,000 passengers. The disruption resulted in potential data loss and reputational damage, with an estimated cost of $50 million. The hacker group Cyber Partisans claimed responsibility, leaking flight records belonging to the CEO and threatening to release more data. The attack exposed vulnerabilities in the airline's IT infrastructure, including weak passwords and outdated software.
Source: https://therecord.media/hackers-leak-purported-aeroflot-data
TPRM report: https://scoringcyber.rankiteo.com/company/aeroflot---russian-airlines
"id": "aer833080125",
"linkid": "aeroflot---russian-airlines",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '20,000 passengers',
                        'industry': 'Aviation',
                        'location': 'Russia',
                        'name': 'Aeroflot',
                        'size': 'Large',
                        'type': 'Airline'}],
 'attack_vector': 'Weak Passwords, Outdated Software',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Passport number',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Flight records',
                                              'Surveillance footage',
                                              'Audio recordings',
                                              'Employee monitoring data']},
 'date_detected': 'Monday',
 'date_publicly_disclosed': 'Thursday',
 'date_resolved': 'Thursday',
 'description': 'Hackers have leaked flight records allegedly belonging to the '
                'CEO of the Russian airline Aeroflot following a major '
                'cyberattack that grounded flights.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': ['Flight records of the CEO',
                                 'Entire flight history database',
                                 'Audio recordings of internal calls',
                                 'Surveillance footage',
                                 'Employee monitoring data'],
            'downtime': 'More than 100 flights canceled or delayed',
            'financial_loss': '$50 million',
            'legal_liabilities': 'Possible legal scrutiny if cybersecurity '
                                 'measures deemed inadequate',
            'operational_impact': 'Nearly half of daily operations affected',
            'revenue_loss': '$50 million',
            'systems_affected': 'IT infrastructure'},
 'initial_access_broker': {'entry_point': 'Weak Passwords, Outdated Software',
                           'high_value_targets': 'Aeroflot CEO'},
 'investigation_status': 'Ongoing',
 'motivation': 'Unknown',
 'post_incident_analysis': {'root_causes': ['Weak Passwords',
                                            'Outdated versions of Windows']},
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'date_accessed': 'Thursday', 'source': 'Roskomnadzor'},
                {'date_accessed': 'Thursday', 'source': 'Cyber Partisans'},
                {'date_accessed': 'Thursday', 'source': 'The Insider'}],
 'response': {'communication_strategy': 'Limited information released',
              'recovery_measures': 'Restored services and resumed normal '
                                   'operations'},
 'threat_actor': 'Belarusian hacker group Cyber Partisans',
 'title': 'Cyberattack on Aeroflot',
 'type': 'Data Breach, Ransomware',
 'vulnerability_exploited': ['Weak Passwords', 'Outdated versions of Windows']}