Cyber Incident Victim: LLC LANTER

Date: Feb 2025

Location: Cocos (Keeling) Islands

Summary

Russian authorities warned financial institutions about a cybersecurity breach impacting a major IT service provider specializing in banking technology, ATM software, and payment systems. The compromise potentially affected systems hosted by the provider and those developed or maintained by its engineers, raising concerns about broad supply chain risks. Recommendations included rotating credentials and enhancing monitoring, though the attackers' identity, methods, and specific data accessed remained undisclosed.

Motives: 2 motives
Tactics, Techniques & Procedures: 5 techniques
Threat Actors: 0 actors

Description

On February 21, 2025, Russia's National Coordination Center for Computer Incidents (NKTsKI) issued a bulletin warning organizations within the country's credit and financial sector about a significant security breach. The breach impacted LANIT, described as Russia's largest system integrator and a major provider of IT services and software. Specifically, the attack affected two subsidiaries within the LANIT Group of Companies: LLC LANTER and LLC LAN ATMservice. These entities specialize in banking technology, including software for banking equipment, payment systems, and Automated Teller Machines (ATMs). The LANIT Group serves prominent Russian clients, including the Ministry of Defense and major military-industrial complex entities like Rostec, which led to U.S. sanctions against the company in May 2024.

NKTsKI published the bulletin on its own platform and the GosSOPKA (State System for Detection, Prevention, and Elimination of Consequences of Computer Attacks) website. The bulletin did not specify how the attackers gained access to the LANIT network, the exact timing beyond the February 21st date, what specific data might have been compromised, or the identity of the attackers responsible for the incident. Russian financial institutions and ATM operators have recently been frequent targets of distributed denial-of-service (DDoS) attacks by Ukrainian hackers, but this notice indicated a more severe infiltration into a central service provider's systems.

The NKTsKI bulletin contained specific recommendations for organizations potentially impacted by the breach at LLC LANTER and LLC LAN ATMservice. It urged all organizations utilizing systems hosted in LANIT's data centers to immediately rotate their passwords and access keys. Furthermore, if an organization's infrastructure relied on LANIT group-developed software products and had granted LANIT engineers remote access capabilities, changing those remote connection credentials was also strongly advised. NKTsKI additionally recommended enhancing monitoring efforts for threats and information security events within any systems that were developed, deployed, or maintained by engineers affiliated with the LANIT Group of Companies. The bulletin referenced a supplementary PDF file containing more detailed security advice focused on mitigating threats arising from compromised trusted external channels. The breach raised significant concerns due to the potential for broad supply chain compromises stemming from the infiltration of this central IT service provider, whose technologies and services underpin critical operations across the Russian financial sector.
