The Telegram channel Mash has identified Hacken as the group responsible for a widespread cyberattack on Russia, also naming specific individuals allegedly involved in the operation. This revelation comes amidst a series of recent high-profile cyber incidents affecting major Russian companies.
Hacken is officially an international cybersecurity company with Ukrainian origins. According to reports, in March 2022, it received millions of dollars in investment from American sources. The group has been actively engaged in online activities against Russia since the onset of the «special military operation.» Its headquarters are situated in Tallinn, Estonia, while its core team relocated from Ukraine to Lisbon, Portugal, in March 2022. As of July 2025, the group reportedly consists of 110 individuals, with 60 of them based in Ukraine.
The Mash report asserts that the de-anonymization of these hackers was achieved through the collaborative efforts of other hacking groups, KillNet and Beregini. While Mash published the names of the alleged perpetrators, it did not provide additional evidence to substantiate their direct involvement. The list of named individuals includes Hacken CEO Dmitry Budorin, CTO Sergey Dovgopoly, information security expert Alexander Gorlan, Denis Ivanov (head of the expert group at the Ministry of Digital Transformation of Ukraine), as well as Evgeny Bezugly from Kyiv and Evgenia Broshevan from Odesa.
The primary tools employed in these attacks were described as «simple DDoS attacks» supplemented by a data-stealing malware, or «stiller,» which was reportedly disseminated across the Russian internet (RuNet) prior to the incidents. Mash further claimed that «unsophisticated hackers» from Anonymous were also enlisted to support the attacks on Russian resources. Anonymous is widely recognized for declaring cyberwar against Russia in February 2022 and for carrying out what Mash described as «fake hacks.»
Throughout July, several prominent Russian companies fell victim to these cyber assaults. On July 29, the pharmacy chains Stolichki and Neopharm, along with the family clinics network Semeyny Doktor, reported operational disruptions. The day prior, on July 28, Aeroflot experienced a significant system breach. Earlier in the month, on July 14, hackers managed to paralyze the operations of the Winelab liquor store chain.
