Russian service sector companies faced another wave of technical disruptions, with the Vkusvill supermarket chain’s website and mobile application ceasing operations, The Moscow Times reported on 30 July

The majority of complaints came from Moscow, the Moscow Oblast, and St. Petersburg. The company confirmed it experienced “a local internal failure” but ruled out a cyberattack, sying that “there are no configuration changes, suspicious logins, or data leaks.” Vkusvill did not specify what caused the technical problems but added that the failure did not affect offline store operations.

Simultaneously, the Samokat delivery service stopped functioning. The application indicated that “the failure will be resolved soon” without providing details about the causes.

Additionally, hackers attacked the Dobrocen discount chain network. The company was forced to suspend operations at distribution centers and all five offices in Moscow, St. Petersburg, Yekaterinburg, and Samara.

Dobrocen reported that its server was paralyzed, the official website would not open, and computers either failed to start or froze during endless updates. The attack is linked to the presence of network stores in occupied Ukrainian territories – in the “DNR,” “LNR,” and Crimea. Restoring IT infrastructure reportedly may take a week.

The previous day, on 29 July, the Neopharm and Stolichki pharmacy chains halted operations due to hacker attacks.

However, the most large-scale cyberattack targeted Aeroflot on 28 July. Hackers from the “Cyberpartisans” and Silent Crow groups breached the national carrier’s systems, destroying 7,000 servers and provoking a new collapse at Moscow airports. More than 100 flights were canceled, causing the airline to lose at least 250 million rubles in a single day. Cancellations continued on 29 July. Russia’s Prosecutor General’s Office confirmed the disruption was caused by a cyberattack.

The “Cyberpartisans” claimed that Aeroflot’s system ran on outdated Windows XP and Windows 2003, and that company CEO Sergey Aleksandrovsky had not changed his password since 2022. According to the hackers, the total volume of the data leak was 20 TB.

A global law enforcement campaign has dealt a blow to the pro-Russian cyber army known as NoName057(16). Europol confirmed that about 20 countries helped dismantle the network behind thousands of attacks on Ukraine’s supporters.

Europol targets ideological cyber group tied to Russia’s war

Europol reported that between 14 and 17 July, authorities from 12 countries launched Operation Eastwood. Europol and Eurojust coordinated the joint crackdown. The effort reportedly dismantled major parts of the pro-Russian cyber army’s infrastructure, including hundreds of systems.

Germany issued six arrest warrants for suspects based in Russia. Two are accused of leading the group’s activities. Spain issued another arrest warrant. France and Spain also reported one arrest each. All suspects are internationally wanted.

Authorities carried out 24 house searches and questioned 13 individuals across Europe. In Spain alone, 12 searches took place. Investigators also notified over 1,000 individuals believed to support the cyber group. Fifteen of them were administrators.

Attacks tied to political and military events across Europe

Other attacks struck during the European elections. Swedish government and banking websites were affected. In Switzerland, NoName057(16) launched attacks in June 2023, during a speech by Ukraine’s president to the Joint Parliament. Another wave occurred in June 2024 during the Peace Summit for Ukraine at Bürgenstock.

The most recent attack linked to the group targeted the NATO summit held in the Netherlands in June 2025. Europol notes that although the attacks caused disruption attempts, none led to substantial outages.

Recruitment tactics built on crypto rewards and gamified propaganda

Europol identifies NoName057(16) as an ideological cyber network that operated without formal leadership. The group recruited mostly Russian-speaking sympathizers, many with little technical knowledge. Its structure relied heavily on gamified propaganda and incentives.

Volunteers received cryptocurrency payments and recognition through online shout-outs, badges, and leaderboards. Europol notes this method especially appealed to younger users who felt emotionally involved in Russia’s political narratives.

To simplify participation, NoName057(16) distributed guides and tools like DDoSia. Europol also launched a prevention campaign warning suspected supporters of their criminal liability, delivered via the same communication platforms.

The UK hits a Russian military intelligence unit behind the destruction of the Mariupol Drama Theater with the largest-ever sanctions package in history. It is also responsible for prolonged malicious hybrid operations worldwide. 

“In 2022, Unit 26165, sanctioned today, conducted online reconnaissance to help target missile strikes against Mariupol, including the strike that destroyed the Mariupol Theatre, where hundreds of civilians, including children, were murdered,” says the UK government. 

The restrictions hit three units of Russia’s military intelligence (GRU) and its 18 officers accountable for conducting a sustained campaign of cyberattacks over many years, including attacks inside the UK. 

“The GRU routinely uses cyber and information operations to sow chaos, division and disorder in Ukraine and across the world with devastating real-world consequences,” the UK government said.

Sanctions also target GRU officers responsible for hacking a device of Yulia Skripal, a daughter of former Russian military officer Sergei Skripal, using the malicious software known as X-Agent. This happened five years prior to the failed attempt by GRU officers to assassinate them with the deadly nerve agent “Novichok” in Salisbury.

Russian operatives have also attempted to disrupt UK media outlets, telecom providers, political and democratic institutions, as well as critical energy infrastructure.