Cybercriminals launch a wide-scale assault on the "Dobrotsen" discount network
In a series of coordinated cyberattacks targeting key sectors, Dobrotsen, a Russian discount retail chain, found itself in the crosshairs on July 29, 2025. The attack disabled Dobrotsen’s IT infrastructure, halting operations in its Russian offices in Moscow, St. Petersburg, Yekaterinburg, and Samara [1].
The hack disrupted Dobrotsen’s retail operations, causing office closures and affecting its core business. This cyberattack coincided with other cyber operations targeting Russian infrastructure around the same period, including a significant attack on AirNet, a major Internet provider in St. Petersburg [2].
The reasons behind these attacks, particularly the one on Dobrotsen, are believed to be politically motivated. Reports suggest that Ukrainian and French hacker groups led the attacks in late July 2025, reflecting ongoing cyber tensions and geopolitical conflict with Russia [3]. This aligns with a broader pattern of cyber conflict involving Russia and external actors.
The impact of the attack on Dobrotsen was significant, with operational shutdowns in key Russian cities. However, there is no direct evidence from the available data indicating operational disruption in Dobrotsen's operations in Belarus, Armenia, or Uzbekistan where the company has expanded its network.
Meanwhile, another part of Dobrotsen’s business, the restaurant chain Rostic’s, has experienced a technical malfunction affecting mobile app and self-service kiosk orders. The company’s management has asked employees to log out of other people’s Telegram accounts on their personal devices [4].
Dobrotsen is a diverse company group, including Gefest, a distributor of alcoholic products, the logistics company Food-Logistic, ZhBI-2020 (production of construction materials), and a network of alcohol departments in 225 trading points in Sverdlovsk and Kurgan Oblasts. As of 2024, the network consists of around 900 stores [5].
Since the attack, Dobrotsen’s server and official website have been down, along with the distribution centers. Despite the malfunction, customers can still place orders in the Rostic’s establishments. Employees, however, are facing issues where computers either fail to turn on or “freeze” [4].
The food industry, oil and gas, and machinery sectors have been the most targeted in recent cyberattacks, with the food industry being a prime target due to its high sensitivity to downtime. Machinery is also targeted due to its valuable intellectual property, while oil and gas is targeted due to its strategic importance [6].
For small and medium-sized businesses looking to protect their infrastructure from cyber threats, an article is available on DK.RU [7]. The losses of the Vinlab network due to a cyberattack were reported to exceed 1 billion rubles, serving as a stark reminder of the potential damage cyberattacks can cause [4].
In a separate incident, Aeroflot, the Russian flag carrier, experienced a cyberattack earlier in the week, causing numerous flight cancellations due to a glitch in its information systems. However, this is not related to the current article [8].
References:
- Dobrotsen cyberattack
- AirNet cyberattack
- Ukrainian and French hacker groups involved
- Rostic's technical malfunction
- Dobrotsen company information
- Sector-specific cyberattacks
- Protecting infrastructure
- Aeroflot cyberattack
- The cyberattack on Dobrotsen, a Russian discount retail chain, disrupted not only its retail operations but also extended to its technology-reliant divisions such as Rostic's restaurant chain.
- The food industry, including companies like Dobrotsen, has been a prime target in recent cyberattacks due to its high sensitivity to downtime and valuable data.
- To protect their infrastructure from cyber threats, small and medium-sized businesses can refer to an article available on DK.RU, serving as a cautionary tale against the potential financial losses due to such attacks, as evident from the losses of the Vinlab network exceeding 1 billion rubles.
