Cyber Incident Victim: Qiwi

On May 1, 2022, the hacktivist group NB65, affiliated with the Anonymous collective, publicly claimed responsibility for a cyberattack targeting Russian payment processor Qiwi plc. The group announced the breach via Twitter, stating it had accessed Qiwi’s databases as part of Operation OpRussia, a campaign targeting Russian entities following the invasion of Ukraine. NB65 asserted it exfiltrated 10.5 terabytes of data, including 30 million payment records, and filtered 12.5 million credit card details. The attackers declared their intent to disrupt Russia’s financial system, directly referencing Qiwi’s prior statement that Western sanctions had not impacted its operations. NB65 further claimed to have encrypted Qiwi’s networks using ransomware and issued a three-day ultimatum, threatening to release one million records daily unless contacted. The group emphasized the attack’s punitive nature, linking it to Qiwi’s role in facilitating financial transactions within Russia and CIS countries.

On May 5, 2022, NB65 escalated its disclosure by tweeting two download links purportedly containing 7 million payment card numbers and associated payment records. One link was nonfunctional, but the active link allegedly exposed card data including expiration dates. The group framed this leak as partial proof of the breach. Qiwi responded to these claims through Russia’s TASS news agency, denying any compromise of its systems. The company maintained that its payment services operated normally and that customer data remained secure. No independent verification of NB65’s claims or Qiwi’s counterstatement was provided in the source material. The incident followed NB65’s April 2022 breach of Russian broadcaster VGTRK, where the group leaked 786 gigabytes of data, reinforcing its focus on Russian critical infrastructure during this period.