Cybercriminals launch a mammoth strike against the "Dobrotsen" discount network
In a surprising turn of events, Dobrotsen, one of Russia's top employers, has been hit by a cyberattack. The incident, which occurred on July 30, 2025, affected all offices of Dobrotsen in Moscow, St. Petersburg, Yekaterinburg, and Samara, as well as its distribution centers.
The hacker attack has been linked to a series of disruptions in Russia around the same time, likely carried out by Ukrainian and Belarusian hacker groups. This is the second such attack this week, the first one affecting "Aeroflot" with numerous flight cancellations.
The company's website went offline, causing operational disruption in warehouses and offices. However, specific financial damages or recovery details have not been reported. The exact recovery timeline for Dobrotsen is not known, but given the context of simultaneous cyberattacks affecting multiple Russian enterprises, full recovery could have taken days.
Dobrotsen, a retail network with approximately 900 stores, has expanded to various regions in Russia, Belarus, Armenia, and Uzbekistan. The company's server and official website have been down since July 30. In response, the company's management has asked employees to log out of third-party Telegram accounts on their personal devices.
Other sectors targeted in the recent hacker attacks include food processing (29%), oil and gas (23%), and machinery (17%), according to RED Security analysts. Meanwhile, the losses of the "Vinlab" network due to a cyberattack are expected to exceed 1 billion rubles.
On a somewhat positive note, the network of restaurants Rostic's has experienced a technical glitch, making it impossible for customers to place orders through mobile apps or self-service kiosks. However, all Rostic's restaurants continue to operate, and orders can be placed in the establishment.
As we navigate through these challenging times, it's crucial for businesses to prioritise cybersecurity. A cyber threats article for small and medium-sized businesses on how to protect infrastructure is available on DK.RU. Stay safe, and let's hope for a swift recovery for Dobrotsen and other affected companies.
[1] Meduza. (2025, July 31). Cyberattack hits Dobrotsen, Russia's 105th top employer. Retrieved from https://meduza.io/en/news/2025/07/31/cyberattack-hits-dobrotsen-russias-105th-top-employer [3] Mash. (2025, July 30). Hacker attack hits Dobrotsen, Russia's 105th top employer. Retrieved from https://t.me/mash_ru/19511
- The cyberattack on Dobrotsen, a retail network with operations in multiple countries, has expanded the scope of impacted industries to include business and technology, in addition to the previously reported food processing, oil and gas, and machinery sectors.
- Given the widespread cyberattacks affecting numerous Russian enterprises, it's essential for companies in industries like finance, especially those at the top of the employer rankings like Dobrotsen, to focus on implementing robust cybersecurity measures to mitigate such threats.
- As the aftermath of the cyberattack affects Dobrotsen's operational capabilities, business leaders and managers across various industries, including finance and technology, should take a closer look at strategies to secure their crucial third-party Telegram accounts and safeguard their company's sensitive information.
