The Russian government is alerting the public about the recent hack on LANIT, one of its major IT service and software providers.
According to the notification bulletin, the attack occurred on February 21, 2025. It may have impacted LLC LANTER and LLC LAN ATMservice, part of the LANIT Group of Companies.
LANIT Group is a significant and influential organisation in Russia’s information technology industry. It is also recognised as the country’s largest system integrator.
In addition, the hack may inflict significant damage, as LANIT's clients include notable enterprises such as the Russian Ministry of Defense and important players in the military-industrial complex, including Rostec, which is why the United States Department of the Treasury sanctioned the company in May 2024.
LLC LANTER and LLC LAN ATMservice, for their part, are Russian firms specialising in banking tech and services, such as software for bank equipment, payment systems, and ATMs.
Due to the incident at these two firms, the Russian government recommends that all potentially compromised organisations cycle passwords and access keys and reset remote access credentials.
The notification that warns the public about the LANIT hack includes mitigation recommendations.
According to the advisory, the government agency suggests that all enterprises immediately change passwords and access keys for systems hosted in LANIT data centres.
Changing connection credentials is also advised if an infrastructure relies on LANIT Group developments and software products and LANIT engineers have been granted remote access.
It is also recommended that engineers from the LANIT Group of Companies improve the monitoring of risks and information security events in the systems they have built, implemented, or maintained.
A PDF file contains further security suggestions, including specific guidance on mitigating vulnerabilities from compromised trusted external channels.
At this point, NKTsKI has not indicated how threat actors accessed the affected network, when the intrusion happened, what data was stolen, or who was responsible for the attack.
Some suspect that hacktivist groups backing Ukraine could be behind this recent hack. In recent months, Ukrainian hackers have targeted Russian ATM operators and banks, frequently interrupting operations with DDoS tactics.
However, the most recent alert from Russian authorities indicates that a central service provider’s networks have been hacked, raising the possibility of widespread supply chain vulnerabilities.
