Russia warns of breach of major IT service provider LANIT serving the financial sector

Russia's National Coordination Center for Computer Incidents (NKTsKI) has issued a warning to organizations in the country's credit and financial sector about a security breach at LANIT, a major Russian IT service and software provider. 

LANIT Group is considered Russia's largest system integrator and holds significant influence in the country's information technology sector. LANIT's clients includes the Russian Ministry of Defense and major players in the military-industrial complex, including Rostec.

The attack occurred on February 21, 2025, and potentially impacted two LANIT subsidiaries: LLC LANTER and LLC LAN ATMservice. The affected subsidiaries specialize in banking technology and services, software for banking equipment, payment systems, and Automated Teller Machines (ATMs). 

Given their focus on financial infrastructure, the breach could have widespread implications for Russia's banking sector. NKTsKI has issued several security recommendations for potentially affected organizations:

• Immediately rotate passwords and access keys for systems hosted in LANIT's data centers
• Change remote access credentials if LANIT engineers have been granted access
• Enhance monitoring of threats and information security events in systems developed, deployed, or maintained by LANIT engineers

At this time, Russian authorities have not disclosed how attackers gained access to the LANIT network, when the compromise initially occurred, what data might have been stolen, or who might be responsible for the attack. While Russian ATM operators and banks have been targeted by distributed denial of service (DDoS) attacks, this incident appears to involve deeper infiltration into a central service provider's systems, creating potential for broad supply chain compromises.