Pro-Ukraine group says it breached Russian card payment system

A group of pro-Ukrainian hackers claims to have breached Russia's national card payment system this week and obtained its user data.

Activists from the DumpForums group and the Ukrainian Cyber Alliance said they defaced a website of the government-run National Payment Card System (NSPK) and reportedly gained access to the internal systems of the consumer payment network Mir (“world” in Russian). Mir, a homegrown alternative to brands like Visa and Mastercard, is operated by the NSPK.

NSPK confirmed to Russian media that its website was indeed hacked. The intruders defaced the homepage, leaving a message that says that this “new” version of NSPK’s website was created in exchange for its users' personal data.

Mir payment system pic.twitter.com/WUzQggxq04

— herm1t (@vx_herm1t) October 30, 2023

The agency denied, however, that any data was leaked. In a comment to the Russian news agency Tass, an NSPK spokesperson said that the website is developed and maintained by a “third-party contractor,” and as such, it does not store any confidential information and is not linked to the payment infrastructure.

“It is impossible to access any systems through the website. The company's servers and data centers do not have internet access," NSPK’s spokesperson said.

The agency didn't comment on the hackers' claim that they also gained access to Mir’s internal systems but stated that the attacks had no impact on financial transactions and payments.

At the time of publication, the agency hadn't responded to a request for comment. Its website was still down as of mid-morning Tuesday, Eastern U.S. time.

In response to NSPK's comment, DumpForums published a screenshot of a folder that allegedly contains 30 gigabytes of Mir data.

Mir was launched in 2014 following Russia's first invasion of Ukraine and the annexation of the Crimean peninsula as a means to overcome potential disruptions in electronic payments due to sanctions imposed on several Russian banks.

The system is not popular outside of Russia due to the fear of Western sanctions. Less than a dozen Russia-friendly countries accept Mir payment cards, including Belarus, Venezuela and Cuba.

The share of Mir payments in Russia increased following the Kremlin's full-scale invasion of Ukraine and the departure of international payment services from Russia, and it now accounts for nearly 50%.

Attacks on Russian banks

Financial institutions in Russia are popular targets for Ukrainian hackers as they aim to disrupt the country's economy and make it harder for the Kremlin to finance its war efforts in Ukraine.

In early October, Ukrainian hackers [collaborated](https://therecord.media/sbu-involved-in-alfa-bank-hack with the country's security services, the SBU, to breach Russia's largest private bank, Alfa-Bank, and obtain data from millions of its customers.

A pro-Ukrainian group also claimed responsibility for a cyberattack on Russia's MTS Bank and Russia's largest state-owned bank, Sberbank.

In November of last year, Ukrainian cyber activists claimed to have breached the Central Bank of Russia, stealing thousands of internal documents detailing the bank's operations, security policies, and the personal data of some of its current and former employees.