Introduction
In July 2025, Russia’s national airline Aeroflot became the target of one of the most extensive cyberattacks in history. Claimed by pro-Ukrainian hacker groups, the attack crippled the company’s flight operations. Hundreds of flights were canceled, and, according to various sources, millions of passengers were affected by cancellations and delays. Beyond disabling operational systems, the attackers obtained and publicly released sensitive data, including the personal flight history of senior executives, even the CEO. This incident demonstrated how critical infrastructure remains vulnerable to cyber threats.
The Aeroflot case illustrates that cybersecurity is no longer merely a technological issue but a strategic domain with vital implications for international relations, national security, and global commerce. The transfer of interstate tensions into the digital sphere has transformed cyberattacks into a “grey-zone” instrument of conflict. The targeted systems affected not only technical infrastructure but also international reputation, diplomatic relations, and public trust. In the specific context of the Russia–Ukraine war, it further shows that cyberspace has become a battlefield alongside air, land, and sea during wartime.
This analysis setting Aeroflot attack as an example to explore the international relations dimension of cybersecurity, examining the policies and motivations of both state and non-state actors.
The Aeroflot Cyberattack
On the morning of 28 July 2025, Aeroflot suffered a major cyberattack against its critical IT infrastructure. The airline’s planning, ticketing, check-in, and operational management systems were rendered temporarily inoperable. Within hours, flights across the country—especially at Sheremetyevo Airport— almost stopped. Various reports suggested that between 40 and 100 flights were canceled. According to Meduza.io, approximately 42% of scheduled flights did not operate on the first day of the attack.
The attack was claimed by “Silent Crow” and Belarus-based “Cyber Partisans,” two pro-Ukrainian hacker groups. They stated that the operation was the result of nearly a year of preparation. The attackers claimed to have disabled more than 7,000 servers and stolen 22 terabytes of data, including customer information, employee records, flight histories, and internal company communications.
In a particularly damaging move, they released the personal flight history of Aeroflot CEO Sergei Alexandrovsky. The “Cyber Partisans” alleged that the breach was made possible by a security vulnerability in the airline’s IT systems—pointing out that the CEO had not changed his password since 2022—and claimed the airline was still using outdated systems like Windows XP and Windows Server 2003.
Initially, Russian authorities downplayed the event as a “technical glitch.” However, operational data and the number of canceled flights contradicted these statements. By the next day, Aeroflot announced that approximately 93% of its flight schedule had been restored.
The attack demonstrates how an international airline can become a target in the digital dimension of geopolitical conflict, and how vulnerable critical transport infrastructure is to cyber intrusions. Beyond its implications for Russia’s domestic security, the incident also raised issues regarding global aviation safety, the protection of personal data, and the critical importance of cyber defense during periods of war or conflict.
What Are Cyberspace and Cyberwarfare?
Before evaluating cyberattacks from an international relations perspective, it is important to define cyberspace, explain what constitutes a cyberattack, and understand why this has become such a critical issue.
Cyberspace is a virtual environment composed of computer networks, communication infrastructures, software systems, and digital data—deeply intertwined with the physical world. Today, it is recognized as the fifth strategic domain alongside land, sea, air, and outer space.
Cyberwarfare refers to the use of this domain for military, political, or strategic purposes. One of the most notable aspects of cyberattacks is their ability to generate high impact at low cost, making them an attractive asymmetric tool. Cyberattacks also allow perpetrators to achieve objectives without physical force, maintain anonymity, and operate remotely, unrestricted by geography.
In practice, a hacker equipped with a $1,000 laptop and internet connection can conceal his/her identity and carry out an operation capable of disabling critical infrastructure, leaking sensitive data, or conducting disinformation campaigns. Such attacks can create economic loss, public pressure, and social unrest. In extreme cases, compromising systems that control hospital intensive care units, power grids, or transportation networks could cause not only economic harm but also loss of life.
With these characteristics, cyberspace is a domain in the international system where small and medium-sized states and non-state actors have an advantage over major powers or corporations. Therefore, cyberattacks have become an attractive and effective tool for modern power competition, as well as for non-state actors to use for espionage and to obtain confidential corporate data for economic gain.
Cybersecurity and State Policies in International Relations
Following the diplomatic tensions with Russia over the relocation of the Soviet-era Bronze Soldier monument and war graves in Tallinn, Estonia suffered a wave of cyberattacks beginning on 27 April 2007. Targeting its parliament, banks, ministries, and media outlets, these attacks became a landmark case in international relations, as they represented the digital extension of a political dispute.
Since the 2007 Estonia attacks, cybersecurity has emerged as one of the most important areas expanding the scope of “security” in the international relations literature. Traditional security focused on safeguarding state sovereignty in physical domains; cyberspace now stands alongside them as the fifth strategic arena.
The “Aeroflot attack” is a modern, tangible example. It did not merely cause a technical disruption—it struck at a state’s flag-carrier brand, critical transport infrastructure, and damaged diplomatic prestige. In international relations, such operations are considered “grey-zone” acts, situated between peaceful conduct(White zone) and hostile acts of war(Black zone). They aim to inflict harm, damage reputation, or undermine internal stability without triggering a formal declaration of war.
The ability of non-state actors—such as pro-Ukrainian hacker groups—to harm a state undermines the Westphalian principle of the state’s monopoly on the legitimate use of force in the cyber domain.
Another reason cyber threats are so critical is the interdependence of global economic and infrastructure systems. International air transport, financial networks, energy grids, and supply chains all operate through integrated digital systems. A security gap in one country can have far-reaching effects beyond its borders. The Aeroflot attack disrupted not only domestic operations but also the travel plans of international passengers, undermining trust in global aviation.
International law on cyberattacks remains unsettled. The UN Charter’s prohibition on the use of force and its definitions of armed attack provide no clear guidance on what constitutes a “cyber armed attack.” Since invoking the right of self-defense depends on attributing an attack to a specific actor, the anonymity inherent in cyberspace poses significant challenges. The Aeroflot case is sui-generis in that as the perpetrators openly claimed responsibility.
Cyber Threats and NATO as a Defense Alliance
Cybersecurity now lies at the heart of modern national security strategies. As public services, critical infrastructure, and strategic industries become increasingly digitalized, cyber threats have evolved from a purely technical risk into a political and geopolitical issue. Major powers—including the US, China, and Russia—have developed national cybersecurity strategies that establish mandatory security standards, require transparency in data breach reporting, and emphasize protecting critical infrastructure.
On the other hand, as in the case of the Aeroflot attack, the effects of a national-scale cyber incident quickly transcend borders. Therefore, to respond to cyber threats, international civilian and military organizations are working to define cyberspace and develop security policies in this area. As a military defense alliance, NATO has been developing strategic policies in this domain and strengthening its cyber defense infrastructure in recent years.
Following the 2007 cyberattacks on Estonia, NATO accelerated its efforts in this domain. Between 2009 and 2012, NATO conducted studies examining the relationship between cyberspace and international law at the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) in Tallinn, Estonia, with the participation of international experts. This work resulted in the Tallinn Handbook on International Law Applicable to Cyber Warfare. This non-binding, academic guide is significant as the first attempt to address and clarify the complex legal issues surrounding the application of jus ad bellum (declaration of war) and international humanitarian law to cyber conflicts, as well as the interpretation of international law in the context of cyber operations and cyber warfare.
In 2014, NATO officially recognized cyberspace as an “operational domain,” and in 2016, it acknowledged that cyberattacks could fall under Article 5—the Alliance’s collective defense clause. That same year, the “Cyber Defence Pledge” committed member states to strengthening their cyber defense capacities. Annual exercises such as “Locked Shields” and “Cyber Coalition” are now conducted by CCDCOE to test crisis response readiness.
Through these works, NATO aims to build military capacity and deterrence in cyberspace, just as it does in land, sea, air, and space. It also encourages member states to strengthen their own infrastructure and share intelligence against cyber threats.
Conclusion
The 2025 cyberattack on Aeroflot clearly demonstrates the importance of cyberspace in today’s international relations. This incident not only brought an airline’s operations to a standstill, but also negatively impacted the perception of trust in international passenger transport and damaged the prestige of Russia, which is currently engaged in an active war with Ukraine. Furthermore, allegations that the airline’s top executive had not changed his password since 2022 and that the company was using outdated operating systems raise serious concerns about personal data protection. The scale of the impact of this data breach remains unknown.
The cyber domain, which gained prominence with the Estonia attack (2007), also illustrates the borderless nature of cyber threats in the Aeroflot case. Furthermore, this incident has once again highlighted the necessity of developing defensive strategies against cyber threats. Within this framework, national policy documents are being developed, while at the international level, efforts are being made within the United Nations to develop legal norms, and NATO is developing collective defense policies. These developments demonstrate that efforts to adapt to this field, which is growing asymmetrically alongside technological advancements, are continuing.
Ultimately, cybersecurity has moved beyond being a matter of technical infrastructure; it has become an integral element of national security, diplomatic relations, and global economic and security stability. The Aeroflot attack, which took place during the ongoing Russia-Ukraine war that began in 2022, demonstrates that cyberspace can be used as an effective asymmetric power projection platform in the future, just like land, sea, and air, with the capabilities to undermine civilian morale civilians and target infrastructure.
Kaynakça:
https://meduza.io/en/feature/2025/07/28/completely-compromised
https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia
https://www.tandfonline.com/doi/full/10.1080/13523260.2024.2365062#inline_frontnotes
https://ccdcoe.org/research/tallinn-manual/
https://en.wikipedia.org/wiki/Tallinn_Manual
https://www.britannica.com/topic/cyberspace
https://www.britannica.com/topic/cyberwar
https://www.nato.int/cps/em/natohq/official_texts_133177.htm
https://www.nato.int/cps/en/natohq/topics_78170.htm
