A LANIT facility. Image: GennadyL / Wikimedia Commons / CC0 1.0

Russian officials warn of potential compromise of major tech services provider

Russian cybersecurity authorities have warned local credit and financial businesses about a potential compromise involving subsidiaries of the country's largest tech services provider, LANIT.

In an unusual public disclosure issued late last week, Russia’s National Coordination Center for Computer Incidents (NCCCI) stated that the incident likely affected the information infrastructure of two LANIT companies specializing in payment services and supplying software for banking equipment and automated teller machines (ATMs).

Moscow-based LANIT operates across multiple sectors, including software development, cybersecurity and system integration. It is a key contractor for Russian state entities, including the Ministry of Defense and major defense and aerospace corporations. The company was sanctioned by the U.S. in 2024 in an effort “to degrade Russia’s ability to sustain its war machine.”

In a statement on Friday, the NCCCI urged LANIT’s customers to change passwords and access keys for systems hosted on the company’s data servers. It also recommended that any entities using LANIT’s software or products, particularly those with remote access granted to the company’s engineers, update their access credentials.

“If you detect any signs of a compromise in your organization's information infrastructure, please report them to the NCCCI,” the agency said.

Although details about the breach remain scarce, the fact that Russian authorities have publicly acknowledged a potential cyberattack on a state contractor is significant in itself. LANIT has not commented on the potential compromise of its systems. The threat actor behind the alleged attack is unknown.

This is one of the latest cyber incidents affecting Russian companies in the financial and banking industries. The majority of these attacks have been claimed by hackers linked to Ukraine.

Earlier in December, Ukraine’s military intelligence agency (HUR) reported launching a powerful distributed denial-of-service (DDoS) attack on one of Russia’s largest privately owned banks, Gazprombank, disrupting its online and mobile banking services. Following the alleged attack, Russian users reported difficulties accessing Gazprombank services.

In July, several large Russian banks reported suffering DDoS attacks that temporarily disrupted their mobile apps and websites. These attacks were also claimed by Ukraine’s intelligence.

In an incident publicized in October, two groups of pro-Ukrainian hackers and Ukraine’s security service (SBU) claimed to have breached Russia's largest private bank, Alfa-Bank. In January, attackers involved in the Alfa-Bank hack released data they claimed belonged to 30 million bank customers.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.