Menu
Browse

Cyber Threat Actor: NN Hacking Group

Actor Type Location Known Incidents
 Icon
Criminal
Russia
1 incident
Profile

The threat actor tracked as NN Hacking Group is identified by that alias in open‑source reporting. The group is described as a Russian hacking collective, with its location noted as Russia. No additional aliases or alternative names are supplied in the provided material. Public attribution links the alias to specific cyber incidents, but no further structural details such as size or internal hierarchy are available.

On June 1, 2016, NN Hacking Group was credited with a breach of Verifone’s corporate network that persisted for several months. The intrusion focused on a customer support unit responsible for payment solutions used at gas stations. The actors’ stated aim was to obtain access to point‑of‑sale systems in order to facilitate fraud, not to disrupt payment services or conduct espionage. Although the payment services network remained unaffected, the attackers exploited weaknesses in fuel station terminals that had not yet received upgrades for chip‑based card readers. Verifone’s response included mandatory password resets, restrictions on software installations, and the launch of forensic investigations. The incident was noted to share similarities with earlier attacks on payment providers such as the Oracle MICROS breach, highlighting a recurring theme of targeting payment infrastructure.

The initial access vector described in the reporting was phishing emails containing malicious macros. After gaining a foothold, the actors leveraged known vulnerabilities in the fuel station terminals themselves, taking advantage of delayed security upgrades to move toward point‑of‑sale systems. No specific malware families, custom tools, or post‑exploitation toolkits are detailed in the sources for this activity. Attribution to a Russian hacking group is explicitly stated in the Verifone reporting, but no connection to a state sponsor or a larger criminal consortium is publicly established. The Verifone breach serves as the primary publicly reported campaign illustrating the group’s focus on payment‑sector targets and its reliance on social engineering and unpatched hardware vulnerabilities.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source