Russian dairy supply disrupted by cyberattack on animal certification system

Russian dairy producers have reported supply disruptions following a cyberattack on the country’s digital system for certifying animal-based products.

The Mercury platform, part of Russia’s Federal State Information System for Veterinary Surveillance (VetIS), was taken offline earlier this week due to the attack — the third such incident this year and the most severe to date, according to local media reports.

The outage forced producers and suppliers to revert to paper-based veterinary certificates. This shift caused logistical chaos: Several regional distribution centers refused to accept goods, reports said, and major retailers such as Lenta, Yandex Lavka, and Miratorg experienced supply chain interruptions.

Under Russian law, all businesses handling meat, dairy, eggs and other animal products must register with Mercury and issue veterinary documents electronically. Without them, processors are legally barred from accepting raw milk, as digital certification is required to verify product authenticity and safety.

While farmers can temporarily use paper certificates, many retailers rely exclusively on electronic document management systems and cannot accept paper-based deliveries. This has halted parts of the supply chain, local media said.

According to the dairy industry association Soyuzmoloko, some retailers are refusing to accept products without electronic documents. The group also warned that unclear guidance from regulators has caused confusion among suppliers.

The outage has also disrupted data exchange with other government digital platforms, including Russia’s mandatory product labeling system. Large-volume producers have been hit particularly hard, with industry representatives saying the emergency procedures in place are not designed for prolonged disruptions.

Restoration work is expected to continue through the end of the week, VetIS said in a statement.

No group has claimed responsibility for the attack, and it has not been attributed to any known threat actor.

Last December, the largest dairy processing plant in southern Siberia was hit by a ransomware attack. During the incident at the Semyonishna plant, an unidentified hacker group encrypted the company’s systems using a LockBit ransomware variant.

Local media have speculated that the breach may have been linked to the plant's reported support for Russian troops in Ukraine.