Russian airline Aerofl ot cancelled dozens more fl ights yesterday but said it had now stabilised its schedule after a major cyberattack a day earlier, and the transport ministry said the issue had been resolved. Two pro-Ukraine hacking groups claimed on Monday to have carried out a year-long operation to penetrate Aerofl ot’s network. They said they had crippled 7,000 servers, extracted data on passengers and employees and gained control over the personal computers of staff , including senior managers. Aerofl ot’s online timetable showed about 25 fl ights out of Moscow’s Sheremetyevo airport had been cancelled yesterday, mostly overnight and through the morning. Nearly all afternoon and evening fl ights were due to take off , though dozens were delayed. Interfax news agency said 31 inbound fl ights to the capital had been cancelled. Aerofl ot said it had “stabilised” its fl ight programme. The transport ministry said in a statement: “Thanks to the eff orts of Aerofl ot employees, with the active support of Sheremetyevo services, the problem that arose was resolved in the shortest possible time.” The ministry described the issue as “a failure in the IT infrastructure”. It did not refer to it as a cyberattack, although prosecutors have said they are investigating it as such. Responsibility was claimed by the Belarusian Cyber Partisans, a longestablished group that opposes President Alexander Lukashenko, and by a more shadowy and recent hacking outfi t that calls itself Silent Crow. Yuliana Shemetovets, a spokesperson for the Cyber Partisans, said Aerofl ot was likely working with costly manual systems in order to maintain the appearance of business as usual. The ministry statement said there had been a “transition to domestic systems”. “Without IT systems the company can work manually like in the old days when fl ight tickets cost more than $1K,” Shemetovets told Reuters. “It would just be unprofi table, meaning the company would keep sustaining losses just to save face.” She said that Aerofl ot’s CEO had not changed his password since 2022 and that the company was using an outdated version of Windows software. Some workers had passwords saved in a Word document on their computers, she added. Reuters could not independently confi rm those details and has approached Aerofl ot for comment. Aerofl ot’s shares were up 1.36% yesterday, recovering some ground after slumping to their lowest mark since late 2024 on Monday. Russian lawmakers said the cyberattack was a wake-up call and that investigators should focus not only on the perpetrators but on those who had allowed it to happen. Mikhail Klimarev, director of the Internet Protection Society, a Russian digital rights group, said it was a serious episode that showed cybercriminals were learning “best practice” from around the world while Russian companies were hampered in their response because of sanctions. “It’s like with viruses: If you don’t communicate with people who have the fl u, you have no immunity,” he told Reuters. Klimarev said Russian security services had dropped the ball, and the incident highlighted a failure of the technical systems that are meant to allow them to counter such threats. He said there was a grave safety risk as the hackers could hypothetically have exploited their access to Aerofl ot systems in order to change data and cause planes to crash.