Air Serbia, the national airline of Serbia, is grappling with the aftermath of a significant cyberattack that has led to the postponement of payslip distributions to its employees, according to internal memos reviewed by The Register. Staff were informed that for security reasons, the distribution of June 2025 payslips had been delayed as the company worked to resolve ongoing cybersecurity issues.
The internal communications revealed that although employees received their monthly salaries, access to their payslip PDF files remained blocked. Human Resources cautioned staff against opening any emails that were perceived to be related to payslips, including those containing their own names, as they were likely to be phishing attempts.
Air Serbia’s IT department had previously alerted employees about the cyberattack on July 4, warning that the situation could disrupt business processes temporarily. In response, management was advised to adapt their work plans and communicate necessary adjustments to their teams promptly. Subsequent measures included multiple password resets and the installation of security software on employee devices.
The airline’s security measures escalated over the following days, with databases being placed in a demilitarized zone and internet access tightly restricted to only a few whitelisted pages under the airserbia.com domain. Concerns from staff have been raised regarding the potential compromise of personal data and whether the airline will formally acknowledge the breach to the public.
Reports suggest that this incident, which follows a history of cyber threats faced by the airline, involves a deep compromise of its Active Directory and may indeed be linked to prior instances of cyberattacks targeting the aviation sector. As of July 14, insiders indicated that the airline’s defenses had not fully eradicated the attackers from its network, with speculation that malware, possibly an infostealer, was involved.
Despite the serious implications of the situation, Air Serbia has not confirmed any ransom demands or extortion threats accompanying the attack. In recent communications, IT officials urged employees to cooperate fully with cybersecurity measures being implemented.
The airline, which achieved record passenger numbers in 2024, faces increasing scrutiny over its security posture given the rising incidents of cyberattacks within the aviation industry. Experts tracking the recent patterns of attacks indicated the involvement of various cybercriminal groups, although specific links to this incident remain unverified.