
Cyber Incident Victim: Stolichki

Date: Jul 2025

Location: Russia

Summary

Stolichki and Neopharm suspended operations after cyberattacks disrupted their digital infrastructure, affecting over 1,100 pharmacy locations in more than 80 cities and blocking access to prescriptions, loyalty programs and point‑of‑sale systems. Stolichki confirmed the attack, reporting that cash registers and accounting were taken offline in its Moscow‑area stores and that some staff were placed on unpaid leave while restoration proceeded. Neopharm similarly shut down its Moscow and St. Petersburg sites, sending employees home as IT systems remained nonfunctional. Both chains had previously been controlled by businessman Yevgeny Nifantiev before his stake moved to the Zdravinvest fund after sanctions linked to Ukraine. The incidents followed a separate cyberattack on Aeroflot claimed by Ukrainian and Belarusian hacking groups.


Description

On Tuesday, July 29, 2025, Stolichki, the larger of Russia’s two major pharmacy chains, suspended operations across several regions after a cyberattack disrupted its digital infrastructure. The company initially cited technical reasons for the outages but later confirmed that the suspensions were caused by a cyberattack and that restoration efforts were underway. Stolichki operates more than 1,000 locations in Moscow, St. Petersburg and the Leningrad, Tula and Vladimir regions, while its smaller counterpart Neopharm runs over 110 pharmacies in Moscow and St. Petersburg. Together the chains encompass over 1,100 pharmacy locations in more than 80 cities across central Russia.

The attack disabled cash registers, accounting systems and point‑of‑sale terminals, leaving customers unable to fill prescriptions, use medication reservations, access loyalty programs or complete purchases. Notices posted to Stolichki’s website apologized for the disruption and promised that unavailable features would be restored soon. Employees were sent home as IT systems remained nonfunctional, and some staff were placed on unpaid leave while the company assessed the damage. According to the Telegram news channel Mash, all Stolichki locations in the Moscow area were forced to close entirely, with the outages potentially lasting up to two days.

Prior to mid‑2022, both Stolichki and Neopharm were controlled almost entirely by businessman and former State Duma deputy Yevgeny Nifantiev, who transferred his stake to a closed‑end mutual investment fund called Zdravinvest after being sanctioned over his support of Russia’s invasion of Ukraine. The pharmacy outages followed closely on the heels of another major cyberattack, this time against flagship airline Aeroflot, where Ukrainian hacking group Silent Crow and Belarusian group Cyber Partisans claimed responsibility for destroying 7,000 servers and crippling airport operations. Russia’s Prosecutor General’s Office confirmed that Aeroflot’s system failures stemmed from unauthorized access, and the Cyber Partisans later asserted that the airline’s systems still ran on outdated Windows XP and that its CEO had not updated his password since 2022.
