Russia warns financial sector of major IT service provider hack
Russia's National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country's credit and financial sector about a breach at LANIT, a major Russian IT service and software provider.
According to the bulletin, which was also published on the website of GosSOPKA (State System for Detection, Prevention, and Elimination of Consequences of Computer Attacks), the attack took place on February 21, 2025, and potentially impacted LLC LANTER and LLC LAN ATMservice, both part of the LANIT Group of Companies.
LANIT Group is a significant and influential company in Russia's information technology sector, considered the country's largest system integrator.
Its clientele includes prominent entities such as the Russian Ministry of Defense and major players in the military-industrial complex, including Rostec, which is why it was sanctioned by the U.S. Department of the Treasury in May 2024.
LLC LANTER and LLC LAN ATMservice are Russian companies specializing in banking technology and services, including software for banking equipment, payment systems, and Automated Teller Machines (ATMs).
Due to the breach at these two entities, NKTsKI recommends all potentially impacted organizations rotate passwords and access keys and change remote access credentials.
"NKTsKI recommends that all organizations immediately change passwords and access keys for their systems hosted in LANIT's data centers," reads the bulletin.
"If your infrastructure uses LANIT group developments and software products, and LANIT engineers have been granted remote access, it is also recommended to change connection credentials."
"Additionally, it is advised to enhance monitoring of threats and information security events in systems that were developed, deployed, or maintained by engineers from the LANIT Group of Companies."
Additional security recommendations are included in a PDF file, providing detailed advice on mitigating threats from compromised trusted external channels.
At this time, NKTsKI has not specified how attackers gained access to the LANIT network, when the compromise occurred, what data might have been stolen, or who could be behind the attack.
Ukrainian hackers have targeted Russian ATM operators and banks multiple times in recent months, often employing distributed denial of service (DDoS) tactics to cause disruption.
However, the latest notice from the Russian authorities indicates that there has been infiltration into a central service provider's systems, creating the potential for broad supply chain compromises.