A little-known hacker group claimed responsibility for an attack that has disrupted service for days at CDEK, one of Russia’s largest delivery companies. The Russian-speaking hackers, who call themselves Head Mare, said they encrypted the company’s servers with ransomware and destroyed backup copies of its corporate systems. The company attributed disruption to its services over the weekend to a “massive technical failure” that affected the functionality of its website and mobile application. CDEK also suspended parcel shipments “to avoid errors during manual processing.” “On Monday, we made significant progress in restoring full operation, but unfortunately we were not ready to resume our service,” the company said. “All your parcels are safe, and we are doing everything necessary to ensure that they reach you as quickly as possible.” CDEK hasn’t attributed the disruption to a cyberattack, but an anonymous source within the company told Russian media outlet Vedomosti that it was a ransomware attack. Recorded Future News couldn’t verify this claim, as CDEK couldn’t be reached for comment. Later on Tuesday, the head of the Russian State Duma committee on information policy said the CDEK disruption was caused by a cyberattack. The hacker group took to X (formerly Twitter) to boast about their purported breach of CDEK systems “Head Mare did not give CDEK time to defend itself. The system administrators turned out to be too weak. The security policies did not justify themselves,” the group wrote on Monday in a statement in Russian. CDEK’s communications director said in an interview with the Interfax news agency that the company intends to resume operations no later than May 29. “We are working towards a full restoration of service, but we have also prepared backup plans,” he added. CDEK, which was founded in 2000 and operates as a franchise, has over 4,300 pick-up points in 31 countries as of 2023, with most located in Russia. In 2021, the company was valued at approximately $200 million. СDEK’s customers in Russia complained in comments to Russian media about the delays in parcel delivery. “Our children were supposed to receive a package from us on Friday. Still nothing,” one customer told local media in the Russian city of Novosibirsk. Another Russian citizen told Kommersant that a delivery delay would cost him 40,000 rubles ($450). The hackers didn’t specify why they targeted CDEK, which they claimed on X is “one of the worst delivery services in Russia.” The independent Russian outlet Meduza reported that at the beginning of the Russian invasion of Ukraine, Russian soldiers used CDEK to send large packages from the Ukrainian border. Head Mare is a relatively unknown hacker group that joined X in December of last year. Since then, it has claimed responsibility for attacks on several Russian companies, including internet providers, government agencies, factories, and oil and gas companies. The hackers have posted screenshots to confirm the alleged attacks, but the authenticity of the operations is hard to verify given the lack of public reporting about them from Russia.
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.