Pro-Ukraine group says it breached Russian card payment system

Siva Ramakrishnan
A group of pro-Ukrainian hackers claims to have breached Russia’s national card payment system this week and obtained its user data.

A group of pro-Ukrainian hackers claims to have breached Russia’s national card payment system this week and obtained its user data.

Activists from the DumpForums group and the Ukrainian Cyber Alliance said they defaced a website of the government-run National Payment Card System (NSPK) and reportedly gained access to the internal systems of the consumer payment network Mir (“world” in Russian). Mir, a homegrown alternative to brands like Visa and Mastercard, is operated by the NSPK.

NSPK confirmed to Russian media that its website was indeed hacked. The intruders defaced the homepage, leaving a message that says that this “new” version of NSPK’s website was created in exchange for its users’ personal data.

The agency denied, however, that any data was leaked. In a comment to the Russian news agency Tass, an NSPK spokesperson said that the website is developed and maintained by a “third-party contractor,” and as such, it does not store any confidential information and is not linked to the payment infrastructure.

“It is impossible to access any systems through the website. The company’s servers and data centers do not have internet access,” NSPK’s spokesperson said.

The agency didn’t comment on the hackers’ claim that they also gained access to Mir’s internal systems but stated that the attacks had no impact on financial transactions and payments.

At the time of publication, the agency hadn’t responded to a request for comment. Its website was still down as of mid-morning Tuesday, Eastern U.S. time.

In response to NSPK’s comment, DumpForums published a screenshot of a folder that allegedly contains 30 gigabytes of Mir data.

Mir was launched in 2014 following Russia’s first invasion of Ukraine and the annexation of the Crimean peninsula as a means to overcome potential disruptions in electronic payments due to sanctions imposed on several Russian banks.

The system is not popular outside of Russia due to the fear of Western sanctions. Less than a dozen Russia-friendly countries accept Mir payment cards, including Belarus, Venezuela and Cuba.

The share of Mir payments in Russia increased following the Kremlin’s full-scale invasion of Ukraine and the departure of international payment services from Russia, and it now accounts for nearly 50%.

Attacks on Russian banks

Financial institutions in Russia are popular targets for Ukrainian hackers as they aim to disrupt the country’s economy and make it harder for the Kremlin to finance its war efforts in Ukraine.

In early October, Ukrainian hackers [collaborated]( with the country’s security services, the SBU, to breach Russia’s largest private bank, Alfa-Bank, and obtain data from millions of its customers.

A pro-Ukrainian group also claimed responsibility for a cyberattack on Russia’s MTS Bank and Russia’s largest state-owned bank, Sberbank.

In November of last year, Ukrainian cyber activists claimed to have breached the Central Bank of Russia, stealing thousands of internal documents detailing the bank’s operations, security policies, and the personal data of some of its current and former employees.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Apple warns Indian opposition figures over state-sponsored hacking attempts

Next Post

FBI ‘keeping a close eye’ on Iranian hackers as Israel-Hamas war intensifies

Related Posts

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential
Read More