Russia’s LANIT Group Faces Cyberattack, Potential Impact on Financial Institutions

In a significant cybersecurity incident, two major Russian IT companies, LANTER and LAN ATMservice, have been targeted in a cyberattack. Both companies are subsidiaries of the LANIT Group, a prominent IT service and software provider in Russia. The attack has raised concerns about the potential compromise of financial and credit institutions across the country.

Key Points of the Cyberattack

1. Affected Companies: LANTER specializes in payment solutions and POS terminal integration, while LAN ATMservice provides ATM and self-service terminal solutions, including maintenance and software development.
2. Notification: On February 21, FinCERT, a division of the Bank of Russia, notified credit and financial institutions about the possible compromise of these organizations.
3. Security Measures: The National Computer Incident Response & Coordination Center Incidents (NCIRCC) has advised organizations to change passwords and keys for systems operated in LANIT data centers immediately. Additionally, companies granting LANIT engineers remote access should revoke these credentials and enhance threat monitoring.
4. Potential Threat Actors: Although the attackers remain unidentified, the ongoing conflict between Russia and Ukraine suggests that local cyberattackers might be involved. Previous cyberattacks between the two nations have been significant, including a major Russian strike on KA-SAT, a satellite internet service used by Ukraine.
5. LANIT Group’s Significance: The group serves prominent clients like the Russian Ministry of Defense and major players in the military-industrial complex, such as Rostec. LANIT was sanctioned by the US Department of Treasury in May 2024.
   Broader Cybersecurity Context

• Sophisticated Attacks: Cyberattacks against financial institutions are becoming increasingly sophisticated, often involving multi-stage and multi-layered tactics that bypass traditional security measures.
• International Sanctions: There has been a global crackdown on cybercrime, with sanctions imposed on entities like the Russia-based LockBit hosting provider.