Russia’s national food-safety regulator, Rosselkhoznadzor, faced a DDoS incident last week that took down its digital certification systems and disrupted product shipments across the country.
What happened?
On 22 October 2025, a DDoS attack flooded the public-facing services of VetIS and Saturn. The Mercury interface became unreachable, blocking certificate generation and validation. Suppliers could not confirm shipments, and some retailers stopped accepting deliveries entirely until access was restored.
Officials said the attack did not affect stored data, only availability. Connectivity returned later that day once network operators filtered the malicious traffic. Availability loss alone can cascade into full operational shutdowns when regulatory systems are centralised and interdependent.
The VetIS and Saturn platforms sit at the core of Russia’s national food-safety infrastructure. Both are operated by Rosselkhoznadzor and used daily by producers, distributors, and regional authorities to keep agricultural shipments moving. VetIS is a large online environment that links veterinary services, laboratories, logistics providers, and retailers. It manages everything from test results to product traceability records and shipment approvals.
Inside VetIS, the Mercury subsystem issues electronic veterinary certificates (EVCs) — mandatory digital documents for meat, dairy, and other animal-based products. Without them, goods cannot legally move through the supply chain. Saturn supports VetIS by handling high-volume transaction processing and synchronisation between regional databases. It acts as the control layer that keeps Mercury and other VetIS modules consistent across thousands of connected endpoints.
Repeated outages
This is the fourth disruption of Mercury in 2025. Previous outages also forced a temporary return to paper-based certificates, showing how dependent supply chains have become on a single online system.
Technical takeaways
No telemetry data has been published, but the symptoms are consistent with a volumetric or protocol-layer flood. Even without direct compromise, the operational effect was severe: delayed shipments, unprocessed certificates, and growing backlogs at regional distribution centres.
From a network-operations standpoint:
- Availability is a regulatory dependency. When certification or tracking systems go down, the impact spreads far beyond IT.
- Early escalation to upstream ISPs remains one of the fastest recovery paths in such incidents.
- Service observability (pps, concurrent sessions, flow counts) is often the first indicator that something abnormal is happening.
- Resilience means fallback. Offline or redundant workflows, even if temporary, are worth keeping tested.
Perspective for operators
DDoS can disrupt entire national logistics chains when digital certification systems go offline. Even systems that aren’t labelled ‘critical infrastructure’ can bring supply chains to a halt if they’re central to approvals or tracking.
For operators, the lessons are clear: continuous traffic monitoring, real-time visibility into service health, and fast coordination with upstream providers are the only reliable ways to contain outages. Fallback procedures such as offline processes, queued validations, or alternate communication channels, should be tested and ready because when these systems go down, delays ripple across multiple industries in real time.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com