|Central Bank of Russia|
|Image: Russia's Central Bank/PhotoMosh|

Ukrainian hacktivists claim to leak trove of documents from Russia’s central bank

Ukrainian hacktivists claim to have breached the Central Bank of Russia, stealing thousands of internal documents.

A 2.6 GB folder released publicly on Thursday and partially reviewed by The Record contains 27,000 allegedly stolen files detailing the bank's operations, its security policies, and the personal data of some of its current and former employees.

“If Russia’s Central Bank cannot protect its own data, how can it guarantee the stability of the ruble?” hacktivists wrote on the Telegram messaging app. The alleged heist was carried out by members from Ukraine’s IT Army — a group of more than 200,000 cyber volunteers formed after Russia’s invasion of Ukraine in late February to conduct coordinated distributed denial-of-service attacks on Russian websites.

The central bank is one of Russia’s most important financial institutions, and serves as the architect of state monetary policy and regulator of the national currency. It denied that its system had been hacked and said that all leaked documents were already in the public domain, Russian media reported

This is not the first time that hackers have claimed to have breached the central bank. In March, hackers from the group Anonymous said they had leaked 35,000 documents from the bank and published them online.

“For spies, media organizations, and human rights activists, it is a treasure trove with insights and stories that could have catastrophic consequences for Russia,” according to Kenneth Geers, an analyst at a data security startup Very Good Security.

So far, it is difficult to say how significant the alleged leak of documents is. Some of the published files date back nearly two decades, while others outline the bank's strategy for the next two years.

Some documents detail the Russian policy of replacing imported computer programs and software with domestic technology “to ensure the smooth operation of the bank's payment system.”

Due to sanctions imposed after Russia's invasion of Ukraine, many international tech companies have left Russia or suspended operations, forcing the Kremlin to look for local alternatives.

The IT Army also released documents that allegedly contain the personal data of Russian servicemen, their phone numbers, and bank account numbers.

Russian banks have been the most popular targets among Ukrainian hacktivists since the beginning of the invasion. Earlier in September, the IT Army also hacked Russia’s third-largest bank, Gazprombank.

A DDoS attack took the bank's website down for four hours, preventing customers from sending payments, accessing their personal accounts, and using mobile banking, according to the IT Army.

“For a successful attack, we had to go through their entire network and find vulnerabilities there,” an IT Army representative told The Record. 

In order to bypass Russian DDoS protection services, the IT Army claimed to have created “a special program” that attacks the system “in a non-standard way, so it is difficult to deal with it.”

Gazprombank confirmed the September attack, and its vice president Olexander Egorkin even praised the Ukrainian hackers for their “creativity” and “professionalism.”

“The attack was so powerful that even Rostelecom — Russia's largest internet provider — suffered serious difficulties,” Egorkin said at a conference in September. Nonetheless, the impacts of the group’s cyberattacks on the course of the cyber war between Ukraine and Russia remains unclear. Some of the operations have managed to temporarily disrupt Russian businesses or at least cause concern.

Demand in the Russian banking sector for services that help defend against cyberattacks and data leaks has increased sharply since the start of the war, according to Russian media.

The departure from Russia of global technology and cybersecurity companies like Cisco, IBM, Oracle, Imperva, Fortinet, Norton, and Avast has also made Russian businesses more vulnerable to cyberattacks.

This only encourages the IT Army. “Our goal remains the same: make it difficult for banks to process payments, delay the fulfillment of financial obligations, and sow doubt among those who receive payments through them,” the hacktivists said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.