- Russian NCIRCC warns about a cyber-attack against major IT firms
- LANTER and LAN ATMservice seem to have been hit.
- The culprits or the goals were not disclosed
Two major Russian IT companies have suffered a major cyberattack, putting many financial and credit institutions in the country at risk.
In a security bulletin, the country’s National Computer Incident Response & Coordination Center Incidents (NCIRCC) said LANTER, a Russian company specializing in payment solutions and POS terminal integration, and LAN, whose ATMservice provides ATM and self-service terminal solutions, including maintenance and software development, had been hit. Both are operating under the LANIT Group.
In the bulletin, NCIRCC said that on February 21, FinCERT (Financial Sector Computer Emergency Response Team - a division of the Bank of Russia responsible for cybersecurity in the financial sector) notified credit and financial institutions of the possible compromise of the two organizations.
Monitoring for compromise
“NCIRCC recommends that all organizations change passwords and keys to access their systems operated in LANIT data centers as soon as possible,” the bulletin says.
Furthermore, NCIRCC said that companies granting LANIT Group’s engineers remote access to their infrastructure should revoke the credentials and secure their premises. Furthermore, the potential victims are urged to strengthen threat monitoring, and to report to RuCERT if they spot any signs of compromise.
The bulletin does not discuss who the threat actors are, or what the nature of the attack is. However, since Russia is at war with Ukraine, it’s safe to assume this could be the work of local cyberattackers. Ukraine and Russia have exchanged significant cyber-blows over the last three years, including a major Russian strike on KA-SAT, a satellite internet service operated by Viasat.
This attack, which occurred hours before Russia’s full-scale invasion on February 24, 2022, targeted the satellite modems used by the Ukrainian military and government, disrupting communications at a critical moment. The attack also had unintended spillover effects, affecting internet services across Europe, including for wind farms in Germany.
LANIT Group’s clientele includes prominent entities, such as the Russian Ministry of Defense, as well as “major players” in the military-industrial complex, including Rostec. The group got sanctioned by the US Department of Treasury in May 2024.
Via BleepingComputer
You might also like
- These are the most common PayPal scams around right now - so stay alert
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
