Date: June 25, 2026
TLP: CLEAR
Russian dairy and food-sector organizations have experienced a series of cyber disruptions affecting logistics, accounting, shipment documentation, electronic veterinary certification, product labeling, public-facing websites, and consumer-trust surfaces. The most recent reported incident affected Ufagormolzavod, a large dairy producer in Ufa, Bashkortostan. Public reporting indicates that the attack disrupted logistics, accounting, and document workflows, forcing manual processing for shipments and paperwork. Company leadership stated that production continued, but shipment and documentation speed degraded.
This incident follows a separate compromise of the Bashkortostan state-run Molochnaya Kukhnya website. Attackers posted false claims that power outages had caused dairy products to become contaminated with listeria. Regional officials denied the claim, stated that electricity and temperature controls were normal, and said there was no product recall. The targeting was significant because Molochnaya Kukhnya serves children, pregnant women, and other sensitive beneficiary groups. The incident targeted public trust in food safety, not only system availability.
The available evidence does not support attribution of the Ufagormolzavod or Molochnaya Kukhnya incidents to a named group, Ukraine’s intelligence services, or another nation-state actor. There is, however, a broader operating environment in which Ukraine-aligned hacktivist and state-adjacent actors have repeatedly targeted Russian logistics, industrial, transportation, telecom, and war-support infrastructure. That context makes Ukraine-aligned involvement plausible in some Russian food-sector incidents, especially where a victim has an alleged war-support nexus. It does not establish attribution for the Bashkortostan dairy incidents.
The strongest Ukraine-aligned indicator in the food-sector set remains the Sayanmoloko/Semyonishna dairy plant incident in Khakassia. That attack reportedly used a LockBit ransomware variant, spread via AnyDesk, and caused printers to produce leaflets condemning the company’s support for Russian troops. The messaging, timing, and victim context make a pro-Ukraine or anti-war motive plausible. Public evidence still does not identify the actor or prove Ukrainian state direction.
The best analytic framing is therefore mixed-adversary disruption under wartime conditions. The incidents likely involve a blend of ransomware/crimeware, hacktivist activity, politically motivated disruption, and possible Ukraine-aligned operations in selected cases. There is no public evidence at this time that China, Iran, North Korea, or another non-Ukrainian nation-state is conducting the Russian dairy-sector attacks.
First, the operational center of gravity is enterprise IT and regulated logistics, not confirmed OT manipulation.
The public record shows disruption to accounting, shipment documentation, electronic document management, 1C-style enterprise systems, labeling, certification platforms, and public websites. It does not show confirmed manipulation of pasteurization, refrigeration, mixing, clean-in-place systems, PLCs, SCADA systems, or industrial control logic.
Second, food-sector disruption in Russia is amplified by mandatory digital compliance systems.
Russian dairy and animal-product movement depends on electronic veterinary certification, product marking, shipping documents, and retailer acceptance workflows. If those systems fail, production may continue while the supply chain still stalls. This is the central lesson from the Mercury/VetIS disruptions and the company-level attacks against dairy and bread producers.
Third, the Bashkortostan cluster contains two different effect types.
Ufagormolzavod appears to be a business-process disruption affecting logistics, accounting, and documentation. Molochnaya Kukhnya appears to be a public-trust attack that used a compromised website to inject a false food-contamination narrative. The timing and sector overlap are notable, but there is no public technical evidence linking the two events to the same actor.
Fourth, Ukraine-aligned involvement is plausible in selected Russian food-sector incidents but not proven for the latest Ufa case.
The Sayanmoloko/Semyonishna incident contains the strongest pro-Ukraine signal because of the printed messaging and the reported link to support for Russian troops. Ufagormolzavod lacks equivalent evidence: no public claim, no known leak, no ransom note, no technical indicators, no actor-controlled proof, and no confirmed war-support nexus.
Fifth, attribution to another nation-state is unsupported.
Russian victim-side rhetoric sometimes points to Western intelligence or foreign services, but the reviewed public record does not provide technical evidence for that claim. No credible public reporting ties these dairy-sector incidents to China, Iran, North Korea, NATO services, or another non-Ukrainian state actor.

GK Kabosh, a major Russian cheese producer, reportedly suffered a serious cyberattack that stopped production and shipping for approximately one month. Public Russian industry reporting described extortion and an attempt to erase information. The company’s leadership blamed Western intelligence, but no technical evidence was publicly provided to support that attribution.
This incident fits ransomware or extortion-enabled business disruption. It remains unattributed. The stronger conclusion is that the attack exposed the dependency of dairy production on business systems used for invoicing, shipping, and delivery authorization.
The Semyonishna dairy plant, owned by Sayanmoloko, was reportedly disrupted with a LockBit ransomware variant. Russian FSB-linked local reporting stated that AnyDesk was used to spread the malware and that the targeted system lacked antivirus protection. The attack reportedly occurred after the company provided humanitarian aid, including drones, to Russian soldiers fighting in Ukraine.
This is the most politically marked dairy-sector incident in the dataset. Company printers reportedly produced leaflets accusing the firm of helping the Russian government and supporting the killing of Ukrainians. The messaging points toward a pro-Ukraine or anti-war motive. It does not prove Ukrainian state direction. A criminal ransomware toolchain can be reused by affiliates, copycats, hacktivists, or hybrid actors.
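The reported Semyonishna sequence (a remote-access tool used to spread ransomware on a system without antivirus) can be hunted by behaviour rather than by indicator. The Python below is an added example, not code from the reporting or from any affected organisation. It flags a remote-access tool running on a host where none is approved, then checks for well-known recovery-inhibition or service-stop commands on the same host. The host names, the approved-host list, the 24-hour window and every event are constructed assumptions, and the impact commands are common ransomware precursors rather than confirmed details of this incident.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: hosts where IT has approved a remote-access tool (hypothetical name).
APPROVED_REMOTE_ACCESS_HOSTS = {"HELPDESK-01"}
REMOTE_ACCESS_IMAGES = {"anydesk.exe"}

# Widely documented command lines associated with inhibiting recovery (T1490)
# and stopping services before encryption (T1489).
IMPACT_PATTERNS = [
    ("T1490", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("T1490", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("T1490", re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no", re.I)),
    ("T1489", re.compile(r"\b(net|net1)(\.exe)?\s+stop\s+", re.I)),
]
WINDOW = timedelta(hours=24)  # assumption: correlation window per host

# Constructed process-creation events: (timestamp, host, image path, command line).
SAMPLE_EVENTS = [
    ("2025-01-10T08:02:11", "ACCT-PC-07", r"C:\Users\buh\Downloads\AnyDesk.exe",
     r"C:\Users\buh\Downloads\AnyDesk.exe"),
    ("2025-01-10T08:40:03", "ACCT-PC-07", r"C:\Windows\System32\net.exe",
     "net stop MSSQLSERVER /y"),
    ("2025-01-10T08:41:27", "ACCT-PC-07", r"C:\Windows\System32\vssadmin.exe",
     "vssadmin.exe delete shadows /all /quiet"),
    ("2025-01-10T09:15:00", "HELPDESK-01", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
     r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
    ("2025-01-11T14:20:45", "LABEL-PC-02", r"C:\ProgramData\AnyDesk.exe", "AnyDesk.exe"),
    ("2025-01-12T02:00:00", "SRV-1C-01", r"C:\Windows\System32\net.exe", "net stop Spooler"),
]


def image_name(path):
    """Return the lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Map one event to zero or more (technique, evidence) pairs."""
    _, host, image, cmdline = event
    hits = []
    if image_name(image) in REMOTE_ACCESS_IMAGES and host not in APPROVED_REMOTE_ACCESS_HOSTS:
        hits.append(("T1219", image))
    for technique, pattern in IMPACT_PATTERNS:
        match = pattern.search(cmdline)
        if match:
            hits.append((technique, match.group(0)))
    return hits


def triage(events):
    """Group hits per host and rate them.

    high   : unapproved remote access followed by an impact command within WINDOW
    medium : unapproved remote access alone, or recovery inhibition alone
    low    : service stop alone (frequent in normal administration)
    """
    per_host = defaultdict(list)
    for event in sorted(events, key=lambda e: datetime.fromisoformat(e[0])):
        ts = datetime.fromisoformat(event[0])
        for technique, _evidence in classify(event):
            per_host[event[1]].append((ts, technique))

    report = {}
    for host, hits in per_host.items():
        remote = [ts for ts, tech in hits if tech == "T1219"]
        impact = [(ts, tech) for ts, tech in hits if tech != "T1219"]
        chained = any(timedelta(0) <= i_ts - r_ts <= WINDOW
                      for r_ts in remote for i_ts, _ in impact)
        if chained:
            severity = "high"
        elif remote or any(tech == "T1490" for _, tech in impact):
            severity = "medium"
        else:
            severity = "low"
        report[host] = {"severity": severity,
                        "techniques": sorted({tech for _, tech in hits})}
    return report


if __name__ == "__main__":
    for host, finding in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, finding)
```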
Russia’s Mercury platform, part of the VetIS system used for electronic veterinary certification, was disrupted in June 2025. Dairy producers and suppliers were forced to revert to paper veterinary certificates. Some retailers and distribution centers reportedly refused to accept shipments without electronic documents, creating supply-chain friction even where products physically existed and production continued.
This was a systemic chokepoint event. Mercury is not a dairy company, but it controls a required documentation layer for animal-based products. The incident demonstrates that disruption of certification infrastructure can create sector-wide effects without touching any single production line.
No group publicly claimed responsibility. No actor attribution has been established.
Russia’s food-safety and agricultural oversight systems were reportedly hit again in October 2025. Public reporting described disruption to systems used to track agricultural products, chemicals, meat, milk, and baby food shipments. Authorities minimized data-integrity risk, but the operational issue was availability and shipment continuity.
This incident resembles hacktivist or denial-of-service activity at the effect level, but the public record does not establish whether the cause was DDoS, intrusion, destructive activity, or another failure mode. Attribution remains unresolved.
A cyberattack against Vladimir Bread Factory knocked out office computers, servers, electronic document management tools, and the widely used 1C enterprise accounting system. Production reportedly continued, but orders and deliveries were disrupted.
This incident is an important adjacent case because it shows the same operational pattern outside dairy. Food-sector disruption does not require production sabotage. Disabling the business systems that process orders, invoices, delivery documents, and commercial records can interrupt supply.
The incident remains unattributed and is most consistent with ransomware, destructive business-system intrusion, or opportunistic criminal compromise.
Attackers compromised the official website of Bashkortostan’s Molochnaya Kukhnya and posted false claims that power outages had contaminated dairy products with dangerous bacteria. Regional officials denied the claim, stated that power supply and temperature controls were normal, and said there was no recall.
This incident should be treated as public-trust manipulation. The target serves children, pregnant women, and other sensitive beneficiary groups. The attacker did not need to compromise production to create risk. By introducing a false contamination narrative, the operator aimed at confidence in food safety, official communication, and social-service reliability.
There is no public attribution. The incident is consistent with hacktivist-style disruption, criminal website compromise, competitive sabotage, or wartime psychological disruption. It should not be attributed to Ukraine without additional evidence.
Ufagormolzavod, a large dairy producer in Ufa, Bashkortostan, suffered a cyberattack affecting logistics, accounting, shipment documentation, and automated business workflows. Company leadership stated that production continued, but staff were moved to manual processing and shipment paperwork slowed. Local reporting added stronger claims, including employee account lockout, temporary operational stoppage, and possible access to client, contract, and invoice databases. Those stronger claims remain less corroborated.
Ufagormolzavod is a material regional producer. Its own public materials describe processing capacity of approximately 150 tons of milk per day, with expansion potential to 250 tons per day, and Russian business reporting placed 2025 revenue at 5.6 billion rubles. The incident therefore affected a meaningful regional food-production node.
Attribution remains unknown. The most likely actor class on the present record is ransomware/crimeware or intrusion-enabled business disruption. Ukraine-aligned involvement is possible only as a hypothesis, not as an evidenced finding.

The victim set spans four functional layers.
The first layer is production and processing: Ufagormolzavod, Sayanmoloko/Semyonishna, Kabosh, and Vladimir Bread Factory. These entities produce physical food products. The observed attacks affected enterprise systems, documentation, labeling, and delivery workflows rather than publicly confirmed industrial-control systems.
The second layer is certification and regulatory infrastructure: Mercury, VetIS, and Rosselkhoznadzor-linked systems. These systems determine whether dairy, meat, baby food, and other regulated products can move through the legal supply chain. Disruption here creates broader sector effects.
The third layer is logistics and commercial execution: orders, invoices, contracts, EDI, accounting, retailer acceptance, and shipment release. This is the repeated failure layer across incidents. Production can continue while products still fail to reach stores.
The fourth layer is public trust: Molochnaya Kukhnya and similar public-facing food-safety channels. The listeria hoax shows that attackers can target consumer confidence and institutional credibility with a low-cost website compromise.

The incidents show a repeatable disruption model: attackers do not need to manipulate food production equipment to create operational effect. Disrupting shipment documents, veterinary certificates, product labels, invoices, contracts, ERP systems, 1C, EDI, or retailer data exchange can stall product movement even when production continues.
Manual fallback is a recurring weakness. Ufagormolzavod moved shipment paperwork into manual mode. Mercury and VetIS outages pushed producers back to paper certificates. Vladimir Bread Factory had to work around unavailable document-management and 1C systems. These workarounds preserve partial operations, but they slow throughput, introduce errors, and depend on regulators, distributors, and retailers accepting nonstandard processes.
Molochnaya Kukhnya shows a separate public-trust effect. The attackers used a false listeria and power-outage claim to trigger concern over food safety, especially around children’s dairy products. Even a quickly disproven contamination claim can force testing, denials, public reassurance, and brand repair.
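One way a site owner can shorten the window in which such a false notice stays online, shown as an added example that is not taken from the reporting or from any affected organisation: compare the live text of each public page against an approved baseline, accept only changes registered through change control, and escalate unapproved changes that introduce food-safety alarm terms. The page paths, baseline text, approved-change register and term list are constructed assumptions.

```python
import hashlib
import re
import unicodedata
from html import unescape

# Assumption: stems (English and Russian) that should never appear on the site
# without an approved publication. "листери" = listeri-, "заражен" = contaminated.
ALARM_TERMS = ("listeri", "листери", "contaminat", "заражен", "recall")


def normalize(page_html):
    """Reduce HTML to comparable text: drop scripts/styles and tags, fold case."""
    text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", page_html)
    text = re.sub(r"<[^>]+>", " ", text)
    text = unicodedata.normalize("NFKC", unescape(text)).casefold()
    return " ".join(text.split())


def fingerprint(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed baseline of approved page content (hypothetical site).
BASELINE = {
    "/": "<h1>Молочная кухня</h1><p>Пункты выдачи работают в обычном режиме.</p>",
    "/schedule": "<p>График выдачи: понедельник - пятница, 8:00-17:00.</p>",
    "/news": "<h2>Новости</h2><p>Открыт новый пункт выдачи.</p>",
    "/contacts": "<p>Телефон горячей линии: 000-00-00</p>",
}

# Constructed change-control register: fingerprints of text the owner approved.
APPROVED_SCHEDULE = "<p>График выдачи: понедельник - суббота, 8:00-17:00.</p>"
APPROVED_CHANGES = {fingerprint(normalize(APPROVED_SCHEDULE))}

# Constructed "live" snapshot. The /news text reads: "Because of a power outage
# the products are contaminated with listeria."
SAMPLE_LIVE = {
    "/": BASELINE["/"],
    "/schedule": APPROVED_SCHEDULE,
    "/news": "<h2>Новости</h2><p>Из-за отключения электроэнергии "
             "продукция заражена листерией.</p>",
    "/contacts": "<p>Телефон горячей линии: 111-11-11</p>",
}


def check_page(path, live_html, baseline, approved_changes):
    """Classify one page as unchanged, approved-change or unapproved-change."""
    live = normalize(live_html)
    base = normalize(baseline.get(path, ""))
    if path in baseline and live == base:
        return {"path": path, "status": "unchanged", "severity": "none", "alarm_terms": []}
    if fingerprint(live) in approved_changes:
        return {"path": path, "status": "approved-change", "severity": "none",
                "alarm_terms": []}
    # Only terms that are new relative to the baseline count as an escalation.
    new_terms = [t for t in ALARM_TERMS if t in live and t not in base]
    return {"path": path, "status": "unapproved-change",
            "severity": "critical" if new_terms else "review",
            "alarm_terms": new_terms}


def audit(live_pages, baseline=BASELINE, approved_changes=APPROVED_CHANGES):
    """Check every live page; pages missing from the baseline are unapproved."""
    return [check_page(path, html_text, baseline, approved_changes)
            for path, html_text in sorted(live_pages.items())]


if __name__ == "__main__":
    for result in audit(SAMPLE_LIVE):
        print(result)
```

Fetching the live pages and alert routing are left out so the block runs offline; a critical result is the case that warrants taking the page down and issuing an official statement before the claim spreads.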
The activity sits at the convergence of ransomware, hacktivism, and wartime disruption. Some incidents look financially motivated. Others carry political messaging. Some hit strategic chokepoints without a clear ransom narrative. Sayanmoloko/Semyonishna is the clearest hybrid case: a LockBit variant suggests ransomware tooling, while anti-war printer messaging and the victim’s reported support to Russian troops suggest political motive.
Ransomware and crimeware remain the most likely explanation for the company-level disruptions at Ufagormolzavod, Kabosh, Vladimir Bread Factory, and related food-sector victims. The effects match enterprise intrusion and ransomware pressure: locked accounts, unavailable servers, inaccessible accounting systems, disrupted documents, possible database access, and forced manual operations. A political motive is more plausible where the incident includes messaging, target selection, or wartime context. Sayanmoloko/Semyonishna is the strongest case. The reported anti-war printer messaging, combined with the company’s support to Russian troops, points toward a pro-Ukraine or anti-war actor, but does not prove Ukrainian state direction.
Ukraine-aligned cyber activity against Russian targets is well established across the broader conflict, including reported operations against aviation, logistics, defense firms, occupied-territory infrastructure, telecoms, and war-support industrial entities. Groups and clusters such as Ukrainian Cyber Alliance, Hacking Cat, BO Team, Head Mare, Silent Crow, Belarusian Cyber Partisans, Paper Werewolf, and GOFFEE vary in structure and proximity to the Ukrainian state. Some appear independent, some state-adjacent, and some politically motivated. Their activity shows capability and target logic against Russian physical-economy systems, but that broader pattern does not establish responsibility for Ufagormolzavod or Molochnaya Kukhnya.
There is no public evidence tying Ufagormolzavod or Molochnaya Kukhnya to HUR, SBU, the IT Army of Ukraine, or another Ukrainian state body. Ukrainian state-directed targeting is clearest where victims directly support Russia’s war effort, such as military logistics, defense suppliers, energy infrastructure, occupied-territory administration, telecoms, rail, drone supply, and customs or shipping channels moving sanctioned or military-use goods. Sayanmoloko/Semyonishna has a reported support-to-troops nexus. Ufagormolzavod and Molochnaya Kukhnya do not currently have a public war-support nexus in the reporting reviewed.
The current assessment is low confidence that Ukrainian state services directed the Ufagormolzavod incident, low confidence that they directed the Molochnaya Kukhnya website compromise, and moderate confidence that Sayanmoloko/Semyonishna had a pro-Ukraine or anti-war motive. Ukraine-aligned non-state or hybrid actors may be responsible for some Russian food-sector disruption where political messaging or war-support victimology is present, but that remains a low-to-moderate confidence assessment. Attribution to other nation-states is unsupported. The reviewed evidence does not credibly connect these incidents to China, Iran, North Korea, or another state actor. Russian claims about Western intelligence involvement should be treated as wartime rhetoric unless supported by technical evidence.
The current assessment is therefore:

- Low confidence that Ukraine state services directed the Ufagormolzavod incident.
- Low confidence that Ukraine state services directed the Molochnaya Kukhnya website compromise.
- Moderate confidence that at least one Russian dairy-sector incident, Sayanmoloko/Semyonishna, had a pro-Ukraine or anti-war motive.
- Low to moderate confidence that Ukraine-aligned non-state or hybrid actors may be responsible for some Russian food-sector disruption where political messaging or war-support victimology is present.

No evidence currently supports attribution of the Russian dairy and food-sector incidents to another nation-state. PRC, Iranian, and DPRK cyber programs have known intelligence, disruption, financial, and strategic objectives, but the reviewed incidents do not match any public evidence trail pointing to those actors. No infrastructure, malware family, targeting requirement, public claim, or geopolitical logic currently supports their involvement.
Russian claims about Western intelligence involvement should be treated cautiously. Such claims may be politically useful under wartime conditions and are not sufficient without technical corroboration.

| Incident | Most Likely Actor Class | Ukraine-Aligned Evidence | Other Nation-State Evidence | Confidence |
|---|---|---|---|---|
| Ufagormolzavod | Ransomware/crimeware or intrusion actor | No public claim, no technical link, no known war-support nexus | None | Moderate for actor class, low for attribution |
| Molochnaya Kukhnya | Hacktivist-style website compromise or public-trust disruption | The effect is consistent with wartime disruption, but there is no claim or technical link | None | Moderate for effect type, low for attribution |
| Sayanmoloko/Semyonishna | Pro-Ukraine or anti-war hacktivist/criminal hybrid | Anti-war leaflets, reported support to Russian troops, ransomware tooling | None | Moderate for motive, low for named actor |
| Mercury/VetIS | Hacktivist DDoS, intrusion, or unattributed disruption | Strategic chokepoint, but no claim | None | Low |
| Rosselkhoznadzor systems | Hacktivist DDoS or unattributed disruption | Strategic chokepoint, but no claim | None | Low |
| Vladimir Bread Factory | Ransomware/crimeware or destructive business-system intrusion | No public claim | None | Low to moderate |
| Kabosh | Ransomware/extortion actor | No public claim in reviewed sources | Victim-side Western-intelligence claim unsupported | Low to moderate |

| ATT&CK ID | Technique | Relevance |
|---|---|---|
| T1219 | Remote Access Software | Relevant to Sayanmoloko/Semyonishna reporting that AnyDesk was used to spread ransomware. |
| T1486 | Data Encrypted for Impact | Relevant to reported LockBit-variant encryption and likely relevant to ransomware/extortion-style incidents. |
| T1491.001 | Internal Defacement | Relevant where attackers altered internal printers or internal messaging surfaces. |
| T1491.002 | External Defacement | Relevant to the Molochnaya Kukhnya website compromise and false contamination messaging. |
| T1498 | Network Denial of Service | Possible for VetIS/Rosselkhoznadzor-style disruptions if DDoS was involved. |
| T1499 | Endpoint Denial of Service | Relevant to incidents where office computers, servers, and enterprise systems became unavailable. |
| T1565.001 | Stored Data Manipulation | Possible for false website content and public-safety messaging. Not confirmed for production or certification databases. |
| T1489 | Service Stop | Possible in ransomware cases, but public detail is insufficient to confirm. |
| T1490 | Inhibit System Recovery | Possible in ransomware or destructive incidents, but public evidence is insufficient to confirm. |
| T1657 | Financial Theft or Extortion | Relevant to Kabosh-style extortion reporting and possible ransomware-motivated cases. |

No technical indicators of compromise have been publicly confirmed for the Ufagormolzavod incident. There are no public hashes, C2 domains, malware configurations, ransom-note strings, wallet addresses, attacker infrastructure, leaked sample files, or confirmed actor handles.

| Observable | Type | Relevance |
|---|---|---|
| Ufagormolzavod | Victim entity | Ufa dairy producer disrupted in June 2026. |
| Molochny Fermer | Brand | Ufagormolzavod-associated dairy brand. |
| Molochnaya Krepost | Brand | Ufagormolzavod-associated dairy brand. |
| Dva Kotenka | Brand | Ufagormolzavod-associated dairy brand. |
| Molochnaya Kukhnya | Victim entity | Bashkortostan state-run dairy program hit by website compromise. |
| Mercury | System dependency | Russian electronic veterinary certification system. |
| VetIS | System dependency | Russian federal veterinary surveillance information system. |
| Rosselkhoznadzor | Regulatory entity | Russian agricultural and veterinary oversight agency. |
| Sayanmoloko | Victim entity | Khakassia dairy company affected by LockBit-variant incident. |
| Semyonishna | Victim facility | Dairy plant tied to Sayanmoloko incident. |
| GK Kabosh | Victim entity | Cheese producer disrupted by extortion-style attack. |
| Vladimir Bread Factory | Victim entity | Food producer affected by office, server, EDI, and 1C disruption. |

The Russian dairy and food-sector incidents do not yet constitute a proven campaign, but they expose a repeatable disruption model. Attackers are hitting the systems that turn production into deliverable product: certification, labeling, invoicing, shipment release, ERP, and retailer acceptance. In dairy and other perishable sectors, that is enough to create operational effect without confirmed sabotage of production equipment.
Ufagormolzavod should remain unattributed. Its impact profile fits ransomware or intrusion-enabled business disruption. Molochnaya Kukhnya should also remain unattributed, though the false listeria message shows a public-trust effect consistent with wartime psychological disruption. Sayanmoloko/Semyonishna is the strongest pro-Ukraine or anti-war case because of the reported anti-war printer messaging and the company’s support to Russian troops.
The broader Ukraine-aligned cyber ecosystem has the capability and precedent to target Russian logistics and war-support infrastructure, which makes involvement plausible in selected food-sector cases. It does not prove Ukrainian state involvement in the Bashkortostan dairy incidents. The most defensible assessment is mixed actor activity: ransomware, crimeware, hacktivist disruption, public-trust manipulation, and possible Ukraine-aligned operations where victimology or messaging supports it. Attribution to another nation-state remains unsupported.
Ufagormolzavod reporting is based on The Record’s June 2026 coverage of logistics, accounting, paperwork, and shipment disruption, plus local Russian reporting describing manual fallback and stronger but less corroborated claims of account lockout and database access. The company has not publicly disclosed an actor, data-compromise finding, or restoration timeline. (The Record from Recorded Future)
The Sayanmoloko/Semyonishna attribution caveat is important: public reporting supports LockBit-variant ransomware, AnyDesk propagation claims, and anti-war printer messaging, but not a named actor or Ukrainian state direction. (The Record from Recorded Future)
The Mercury/VetIS assessment rests on reporting that Russia’s electronic veterinary certification system outage disrupted dairy and animal-product shipments and forced paper fallback, with no public actor claim. (The Record from Recorded Future)
The broader Ukraine-aligned ecosystem assessment draws on public reporting that pro-Ukraine groups such as BO Team, Head Mare, Silent Crow, Belarusian Cyber Partisans, Paper Werewolf, and GOFFEE have targeted Russian logistics, aviation, defense, and industrial entities, including cases where Ukrainian military intelligence or state-adjacent cooperation was reported. (The Record from Recorded Future)
Ukraine’s current strategic posture supports attacks on facilities Russia uses for war, but that does not by itself attribute food-sector incidents absent technical or actor-controlled evidence. (Reuters)
RU Reporting:
Bash.News — “«Уфагормолзавод» подвергся хакерской атаке”
Conservative impact account for Ufagormolzavod: external threat to IT systems, automated processes paused, manual mode used, and impact limited to document processing and shipment speed.
bash.news
KP-Ufa — “«Уфагормолзавод» атаковали хакеры: гендиректор рассказал о последствиях”
Confirms production reportedly continued, milk processing and retail deliveries continued, and the attack affected document and shipment speed. Also links the earlier Molochnaya Kukhnya site compromise.
ufa.kp.ru
BFM Ufa — “Хакерская атака остановила работу «Уфагормолзавода»”
Stronger local version citing Mash Batash: employee account lockout, temporary stoppage, and alleged access to databases with client, contract, and invoice data. Use cautiously.
ufa.bfm.ru
BFM Ufa — “Молоко убежало… Два инцидента с молочными компаниями в сфере IT-безопасности за двое суток”
Local analysis tying the Molochnaya Kukhnya and Ufagormolzavod incidents together. Includes expert comments that the Ufagormolzavod case resembled ransomware/extortion, possible remote-access compromise discussion, and caution against over-attribution.
ufa.bfm.ru
KP-Ufa — “Минторг Башкирии: информация о заражении продукции «Молочной кухни» – фейк”
Primary regional source for the Molochnaya Kukhnya public-trust incident: official site compromise, false listeria/power-outage claim, denial by Bashkortostan authorities, normal power and temperature controls, and no recall.
ufa.kp.ru
Milknews — “Хакерская атака на месяц приостановила работу производителя сыра ГК «Кабош»”
Core Russian dairy-industry source for Kabosh: month-long halt, blue screens, inability to ship goods or issue invoices, extortion claim, alleged attempt to erase information, and unsupported victim-side claim about Western intelligence.
milknews.ru
19rusinfo — “Хакеры взломали систему защиты ОАО «Саянмолоко»”
Local Russian source for Sayanmoloko/Semyonishna: working PCs stopped functioning, connected printers printed an offensive manifesto with a pro-Ukrainian tone. Useful for the political-messaging component.
19rusinfo.ru
Milknews — “«Ведомости»: производители продуктов питания испытывают сложности с отгрузками…”
Key Russian source for the June 2025 Mercury/VetIS outage: emergency mode, virus-attack explanation, paper veterinary certificates, and shipment problems for dairy, meat, and fish producers.
milknews.ru
Soyuzmoloko repost / Mayma Moloko — “Союзмолоко прокомментировал сбой в ФГИС «ВетИС»”
Useful for fallback ambiguity: Mercury-connected producers could accumulate veterinary documents for later upload, but unclear regulator guidance created inconsistent interpretations.
maymamoloko.ru
Rosselkhoznadzor — “О сбое в работе ФГИС «ВетИС»”
Official source for the June 18, 2025 VetIS/Mercury disruption: access to Mercury web/API interfaces was impeded and the system entered emergency mode.
fsvps.gov.ru
RBC — “Россельхознадзор подвергся масштабной DDoS-атаке”
Strong source for the October 2025 Rosselkhoznadzor incident: official DDoS framing, affected information systems, producer complaints about system issues, and no stated threat to document-processing integrity.
rbc.ru
Kommersant — “Кибератака ударила по молочникам”
Best Russian business-press source for the dairy-sector angle in the October 2025 VetIS/Saturn DDoS: unstable access, reported interruption to Mercury by producers, shipment pauses, and Rosselkhoznadzor’s denial that Mercury stopped functioning.
kommersant.ru
VetIS.News / Rosselkhoznadzor Telegram mirror
Primary-channel language for the October 22, 2025 DDoS: attack began around 08:40 Moscow time, targeted Rosselkhoznadzor systems, and was not said to threaten integrity or confidentiality of processed data.
t.me
Milknews — “Россельхознадзор сообщил о DDoS-атаке на ФГИС «ВетИС» и «Сатурн»”
Short industry-source writeup on the October 2025 DDoS against VetIS and Saturn, including start time, affected systems, and official mitigation language.
milknews.ru
6TV Vladimir — “Владимирский хлебокомбинат рассказал о кибератаке…”
Strong local source for Vladimir Bread Factory: production continued, but logistics and order processing were disrupted after internal servers, 1C, EDI/document workflow, computers, and telephony were affected.
6tv.ru
RosHleb — “В российском регионе перебои с хлебом из-за хакеров”
Industry corroboration for Vladimir Bread Factory: computers, servers, electronic document services, and 1C unavailable; staff handled orders and shipment documents manually 24/7; production equipment reportedly unaffected.
roshleb.com
TAdviser — “Владимирский хлебокомбинат”
Secondary technical profile/source for the Vladimir Bread Factory incident. Use as corroboration only, not as the primary incident account.
tadviser.ru