Ukraine security services involved in hack of Russia’s largest private bank

Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News.

Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, hacked into Alfa-Bank and claimed to obtain the data of more than 30 million customers, including their names, dates of birth, account numbers, and phone numbers, according to a post on their official website.

Alfa-Bank was sanctioned by the United States following Russia's invasion of Ukraine last year. The bank is owned by the Russian-Israeli billionaire Mikhail Fridman, who is blacklisted by the U.S. and Europe as part of efforts to impose restrictions on Russia's economy and its wealthiest businessmen.

Hackers released some of the data online, including information about Fridman and his son, pro-Russian blogger Artemy Lebedev, and Russian rappers Timati and Basta. Alfa-Bank denied reports of the leak, according to Russian news agency TASS.

A source within Ukraine's security service who requested anonymity because he is not authorized to speak publicly about the incident confirmed to Recorded Future News that the Ukrainian agency was involved in the operation, but did not provide further details.

This is not the first time Ukraine's intelligence has collaborated with hacktivists. The head of cybersecurity at the Security Service of Ukraine, Illia Vitiuk, has said previously that documents leaked by Ukrainian hackers play a significant role in the country's cyber intelligence efforts.

According to Vitiuk, the leaked data helps Ukraine to find out the Kremlin’s targets in Ukraine, how the enemy’s troops move, and how Russia avoids Western sanctions.

“Cyber intelligence helps us to obtain top-secret enemy documents,” Vitiuk said. “In the past, we had to recruit a spy in the enemy's country to get this kind of material, which was risky and time-consuming.”

The hackers who broke into Alfa-Bank said they plan to share the obtained data with investigative journalists.

They also claim to have asked Ukrainian YouTube blogger and prankster Evgeniy Volnov to call Fridman and tell him about the hack. The hacktivists published the alleged conversation on their website, in which Fridman supposedly said that he could not do anything about the hack and hung up the phone.

Alfa-Bank didn’t respond to request for comment.

Previously, hackers from NLB claimed responsibility for a cyberattack on Russia's MTS Bank and Russia's largest state-owned bank, Sberbank.