Cyber Incident Victim: Epicentr K
Date:
Apr 2025
Location:
Ukraine
Summary
Epicentr, Ukraine's largest home improvement retailer, reported a large‑scale cyberattack that disabled checkout systems, logistics services, and its website and app across dozens of stores. The attack left the retailer unable to process sales, fulfill online orders, or generate financial and tax reports due to missing accounting records, while some stores remained disrupted after initial recovery. The company employs about 29,000 people and has previously lost shopping centers to missile strikes, though the attack’s origin and objectives were not disclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Monday, customers at Epicentr stores across Ukraine were unable to make purchases because the checkout systems were down, and many reported that they could not receive deliveries or access the company’s app and website. The cyberattack disrupted operations at dozens of stores and crippled key IT systems, including sales registers and logistics services. By Tuesday afternoon most stores had resumed operations, although some locations continued to experience disruptions. Epicentr confirmed on Tuesday that it had suffered a targeted attack, stating that a deliberate attack by malicious actors had serious consequences for the company’s infrastructure.
The retailer did not attribute the incident to any specific group and noted that it remained unclear how hackers infiltrated its systems or what their ultimate objective was; the company also had not confirmed whether ransomware was used in the attack. Epicentr acknowledged ongoing issues with its accounting systems, explaining that vital financial records and registries were missing, which left the company unable to generate required financial and tax reports. The retailer warned of potential delays in delivering goods, especially for online orders, and said customers might encounter problems with parcel tracking and pickup services at its shopping centers. Epicentr employs 29,000 people and operates more than 70 shopping centers covering over 2.2 million square meters, making it one of the largest private companies in Ukraine.
The incident marks the third major cyberattack on a Ukrainian company in recent months, following a severe cyber incident reported by agribusiness firm MHP in January and a suspected Russian hacker attack on state‑owned railway operator Ukrzaliznytsia in March that disrupted its online ticketing services. Since the start of the full‑scale invasion, Epicentr has lost 10 shopping centers to Russian missile strikes, with a combined area exceeding 177,500 square meters. Ukraine has faced a wave of cyberattacks amid its war with Russia, including a devastating cyberattack on telecom provider Kyivstar that knocked services offline for days and recent attacks on state registers containing biometric, tax and property data. Large retailers worldwide remain prime targets for malicious hackers, as illustrated by the ongoing response to a cyberattack affecting Britain’s Marks & Spencer chain.