Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife

The pro-Ukraine hacking group Cyber Alliance has claimed responsibility for a cyberattack on CarMoney, a Russian microfinance company linked to the former wife of President Vladimir Putin. 

CarMoney confirmed earlier this week that it had suffered a cyber incident, forcing it to shut down all systems after attackers sent spam messages to customers claiming the company was closing its business, donating its proceeds to charity and writing off all debts. The organization has not attributed the attack to Ukrainian hackers or disclosed the full extent of the breach.

CarMoney, one of Russia’s largest microfinance firms, issues short-term loans secured by vehicles. According to independent Russian media, Putin’s ex-wife, Lyudmila Ocheretnaya, controls the company through a network of offshore entities.

The hackers said their attack destroyed CarMoney’s infrastructure and compromised “terabytes of data.”

While CarMoney has assured clients and investors that no personal data was affected, the hackers claim they obtained information on a large number of borrowers, including members of Russian military units and intelligence officers.

The hackers shared screenshots on Telegram, but the data’s authenticity could not be independently verified. While CarMoney’s website remains operational, customers have reported ongoing payment service disruptions and difficulties accessing their accounts.

CarMoney has said it will waive late fees, refrain from reporting delays to credit bureaus and introduce a bonus program once its systems are restored.

The Ukrainian Cyber Alliance, a community of pro-Ukraine cyber activists formed in 2016, has targeted Russian entities since the invasion of Ukraine nearly three years ago. 

Earlier in January, the Ukrainian Cyber Alliance claimed responsibility for the attack on the Russian internet provider Nodex. The company confirmed that the incident “destroyed” its infrastructure and affected connectivity for both fixed-line and mobile services.

Last October, the group claimed responsibility for disrupting parking enforcement in the Russian city of Tver. The year before, the hackers claimed to have breached Russia’s national card payment system and obtained user data.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
