
A ‘zoo’ of IT infrastructure: How Aeroflot’s slow-moving transition to Russian-made software left it wide open to hackers

Source: Meduza
Photo: Sergey Bobylev / TASS / Profimedia.


On Monday, Russia’s flagship airline, Aeroflot, suffered a major IT outage that forced the cancellation of more than 100 flights. The Ukrainian and Belarusian hacktivist groups Silent Crow and Cyber Partisans claimed responsibility, describing the damage as “strategic” and emphasizing that aviation safety was not targeted. By Tuesday, Aeroflot had stabilized its schedule, but questions still abound. Writing on Telegram, journalist Maria Kolomychenko argued that the airline’s vulnerability stemmed from its slow transition from foreign to Russian-made software. Meduza shares her analysis below.

The massive cyberattack on the Russian airline Aeroflot earlier this week was likely made possible by the company’s haphazard transition from foreign to domestically produced software, according to journalist Maria Kolomychenko.

Before the full-scale war in Ukraine, Aeroflot’s infrastructure relied almost entirely on software from major Western companies like SAP, Sabre, and Lufthansa. Kolomychenko notes that although the Russian government had announced an import substitution program, including in the tech sector, it largely turned a blind eye to major companies continuing to use foreign software, as they needed it to stay competitive internationally.

Aeroflot only began seriously reducing its reliance on Western software after President Vladimir Putin signed a decree on March 30, 2022, titled “On measures to ensure technological independence and the security of Russia’s critical information infrastructure.” The order banned further purchases of foreign software for critical sectors, including transportation.

According to Kolomychenko, this triggered a “rapid push for import substitution” at Aeroflot — “partly on paper, but to a large extent in practice.” The airline replaced Sabre’s reservation system with the Russian-made Leonardo system from Sirena-Travel, swapped out the Swedish aircraft maintenance software AMOS for Kupol from Rostec, and began switching from Germany’s SAP to products by the Russian developer 1C. Aeroflot also started building many smaller IT systems in-house, establishing a dedicated subsidiary, AFLT-Systems, to manage the process.

By 2025, however, Aeroflot was still operating on a patchwork of systems. “From the looks of it, the company’s internal infrastructure has become what IT specialists call a ‘zoo’ — a jumble of Russian-made, custom-built, and still-unreplaced foreign software. Finding a vulnerability in that kind of chaos is only a matter of time and persistence,” Kolomychenko writes.

So far, the Prosecutor General’s Office has opened just one criminal case related to the Aeroflot hack — under Article 272 of the Russian Criminal Code, which covers unlawful access to computer information. This is a standard response to cyberattacks. Kolomychenko suggests a second case may soon follow, this time under the article covering illegal interference with critical infrastructure. If so, senior Aeroflot management and its contractors could come under investigation. The airline may also face a multimillion-ruble fine (equivalent to tens of thousands of dollars) for leaking personal data, though it remains unclear whether such a leak occurred during the breach.

Kolomychenko also notes that, by law, Aeroflot’s infrastructure should be connected to the State System for Detecting, Preventing, and Responding to Cyberattacks. The Federal Security Service (FSB), which operates the system, was required to install software capable of identifying attacks in real time. “In short, it looks like everyone dropped the ball — including the FSB’s own cybersecurity units,” Kolomychenko concludes.
