Major Russian IT service provider hit with cyberattack
LANTER and LAN ATMservice seem to have been hit

- Russian NCIRCC warns about a cyber-attack against major IT firms.
- LANTER and LAN ATMservice seem to have been hit.
- The culprits or the goals were not disclosed.
Two major Russian IT companies have suffered a major cyberattack, putting many financial and credit institutions in the country at risk.
In a security bulletin, the country’s National Computer Incident Response & Coordination Center Incidents (NCIRCC) said LANTER, a Russian company specializing in payment solutions and POS terminal integration, and LAN, whose ATMservice provides ATM and self-service terminal solutions, including maintenance and software development, had been hit. Both are operating under the LANIT Group.
In the bulletin, NCIRCC said that on February 21, FinCERT (Financial Sector Computer Emergency Response Team - a division of the Bank of Russia responsible for cybersecurity in the financial sector) notified credit and financial institutions of the possible compromise of the two organizations.
Monitoring for compromise
“NCIRCC recommends that all organizations change passwords and keys to access their systems operated in LANIT data centers as soon as possible,” the bulletin says.
Furthermore, NCIRCC said that companies granting LANIT Group’s engineers remote access to their infrastructure should revoke the credentials and secure their premises. Potential victims are also urged to strengthen threat monitoring and to report to RuCERT if they spot any signs of compromise.
The bulletin does not discuss who the threat actors are, or what the nature of the attack is. However, since Russia is at war with Ukraine, it’s safe to assume this could be the work of local cyberattackers. Ukraine and Russia have exchanged significant cyber-blows over the last three years, including a major Russian strike on KA-SAT, a satellite internet service operated by Viasat.
This attack, which occurred hours before Russia’s full-scale invasion on February 24, 2022, targeted the satellite modems used by the Ukrainian military and government, disrupting communications at a critical moment. The attack also had unintended spillover effects, affecting internet services across Europe, including for wind farms in Germany.
LANIT Group’s clientele includes prominent entities, such as the Russian Ministry of Defense, as well as “major players” in the military-industrial complex, including Rostec. The group was sanctioned by the US Department of the Treasury in May 2024.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.