Russia’s National Coordination Center for Computer Incidents (NKTsKI) has issued a stark warning to organizations in the country’s credit and financial sector. The cause is said to be a major breach at LANIT, a leading Russian IT service and software provider.
The LANIT Breach: Details and Impact
The attack on LANIT occurred on February 21, 2025, and potentially affected LLC LANTER and LLC LAN ATMservice, both part of the LANIT Group of Companies.
LANIT is a significant player in Russia’s IT sector and is considered the country’s largest system integrator. Its clients include the Russian Ministry of Defense and key players in the military-industrial complex, including Rostec. This connection led to US sanctions against Rostec in May 2024.
LLC LANTER and LLC LAN ATMservice specialize in banking technology. Their expertise includes software for banking equipment, payment systems, and ATMs.
NKTsKI Recommendations: Immediate Actions Needed
Following the breach, NKTsKI issued critical recommendations. All potentially affected organizations should act immediately: rotating passwords and access keys is crucial, and remote access credentials must also be changed.
The NKTsKI bulletin states: “NKTsKI recommends that all organizations immediately change passwords and access keys for their systems hosted in LANIT’s data centers.”
It continues: “If your infrastructure uses LANIT group developments and software products, and LANIT engineers have been granted remote access, it is also recommended to change connection credentials.”
Enhanced threat monitoring is also advised, including for systems developed, deployed, or maintained by LANIT engineers.
Further detailed advice is available in a PDF file, which offers comprehensive guidance on mitigating threats that stem from compromised trusted external channels.
Unanswered Questions and Speculations
NKTsKI hasn’t revealed how the attackers gained access. The exact timing of the compromise, the extent of any data theft, and the perpetrators’ identity all remain unknown.
Russian banks and ATM operators have been targeted by Ukrainian hackers. These attacks often involve distributed denial of service (DDoS) tactics.
The LANIT breach, however, suggests a more serious threat. It involves infiltration into a central service provider’s systems, which raises the risk of widespread supply chain compromises.