Russia warns financial sector of major IT service provider hack
Russia's National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country's credit and financial sector about a breach at LANIT, a major Russian IT service and software provider.
According to the bulletin, which was also published on the website of GosSOPKA (State System for Detection, Prevention, and Elimination of Consequences of Computer Attacks), the attack took place on February 21, 2025, and potentially impacted LLC LANTER and LLC LAN ATMservice, both part of the LANIT Group of Companies.
LANIT Group is a significant and influential company in Russia's information technology sector, considered the country's largest system integrator.
Its clientele includes prominent entities such as the Russian Ministry of Defense and major players in the military-industrial complex, including Rostec, which is why it was sanctioned by the U.S. Department of the Treasury in May 2024.
LLC LANTER and LLC LAN ATMservice are Russian banking technology and services companies specializing in software for banking equipment, payment systems, and Automated Teller Machines (ATMs).
Due to the breach at these two entities, NKTsKI recommends all potentially impacted organizations rotate passwords and access keys and change remote access credentials.
"NKTsKI recommends that all organizations immediately change passwords and access keys for their systems hosted in LANIT's data centers," reads the bulletin.
"If your infrastructure uses LANIT group developments and software products, and LANIT engineers have been granted remote access, it is also recommended to change connection credentials."
"Additionally, it is advised to enhance monitoring of threats and information security events in systems that were developed, deployed, or maintained by engineers from the LANIT Group of Companies."
Additional security recommendations are included in a PDF file, providing detailed advice on mitigating threats from compromised trusted external channels.
At this time, NKTsKI has not specified how attackers gained access to the LANIT network, when the compromise occurred, what data might have been stolen, or who could be behind the attack.
Ukrainian hackers have targeted Russian ATM operators and banks multiple times in recent months, often employing distributed denial of service (DDoS) tactics to cause disruption.
However, the latest notice from the Russian authorities indicates that there has been infiltration into a central service provider's systems, creating the potential for broad supply chain compromises.
source: BleepingComputer