A large-scale cyberattack on Russias state-owned airline Aeroflot brought the carriers IT systems to a standstill on Monday, causing widespread disruption to flight operations. More than 100 flights were cancelled, with many others facing significant delays, according to Russias prosecutors office.

Responsibility for the attack was claimed by two anti-Kremlin hacker groups: the Ukrainian collective Silent Crow and the Belarus Cyber-Partisans, a group opposing Belarusian President Alexander Lukashenkos regime.

The incident marks one of the most severe cyber disruptions Russia has faced since its full-scale invasion of Ukraine began in February 2022. While past attacks have hit government platforms and major firms such as Russian Railways, those services were typically restored within hours.

At Moscows Sheremetyevo Airport, Aeroflots main hub, images shared online showed large crowds of stranded travellers. The outage also affected Aeroflots subsidiary airlines, Rossiya and low-cost carrier Pobeda.

While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan.

In a statement released early Monday, Aeroflot warned passengers that the companys information technology system was experiencing unspecified difficulties and that disruption could follow.

Russias Prosecutors Office later confirmed that a cyberattack had caused the outage and that it had opened a criminal investigation.

Kremlin spokesperson Dmitry Peskov called reports of the cyberattack quite alarming, adding that the hacker threat is a threat that remains for all large companies providing services to the general public.

Silent Crow claimed it had accessed Aeroflots corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the companys own surveillance on employees and other intercepted communications.

All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic, the channel purporting to be the Silent Crow group wrote on Telegram. There was no way to independently verify its claims.

The same channel also shared screenshots that appeared to show Aeroflots internal IT systems, and insinuated that Silent Crow could begin sharing the data it had seized in the coming days.

The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip albeit without luggage and to the same destination, it said.

The Belarus Cyber-Partisans told The Associated Press that they had hoped to deliver a crushing blow. The group has previously claimed responsibility for a number of cyberattacks, and said in April 2024 that they had been able to infiltrate the network of Belarus main KGB security agency.

This is a very large-scale attack and one of the most painful in terms of consequences, group coordinator Yuliana Shametavets said. She said that the group had been preparing the attack for several months, and were able to penetrate the Aeroflot network by exploiting various vulnerabilities.

Belarus is a close ally of Russia. Lukashenko, who has ruled Belarus with an iron hand for more than 30 years and has relied on Russian subsidies and support, allowed Russia to use his countrys territory to launch a full-scale invasion of Ukraine on Feb. 24, 2022, and to deploy some of Moscows tactical nuclear weapons in Belarus.

Russias airports have repeatedly faced mass delays over the summer as a result of Ukrainian drone attacks, with flights grounded amid safety concerns.

With inputs from agencies