Ukrainian Hackers Attack Russian Financial Services

Russia's leading electronic trading platform, Roseltorg has been attacked by a pro-Ukraine hacking group called Yellow Drift.

Roseltorg is one of the largest electronic trading operators selected by the Russian government to conduct public procurement, including contracts in the defence and construction industries. The platform also offers tools for electronic document management and procurement planning.  

In a  statement, Roseltorg disclosed that it had been targeted by "an external attempt to destroy data and the entire infrastructure of electronic trading."  

Roseltorg stated that all data and infrastructure affected by the recent attack had been fully restored, and trading systems are expected to resume operations shortly. Yellow Drift  have claimed that they were responsibile for the attack on Roseltorg, stating they had deleted 550 terabytes of data, including emails and backups.

 As evidence of their exploit the hackers published screenshots from the platform’s allegedly compromised infrastructure on their Telegram channel.“If you support tyranny and sponsor wars, be prepared to return to the Stone Age," the hackers said.  

The cyber attack on Roseltorg is  affecting clients who rely on the platform’s operations, including government agencies, state-owned companies and suppliers.  Numerous users of the platform have expressed concerns,  complaining about potential financial losses and delays in the procurement process.  

Roseltorg said in a statement that once access to the trading systems is reinstated, all deadlines for procedures, including contract signings, will be automatically extended without requiring any requests from users.  

According to local reports, Roseltorg serves some of the largest Russian corporations, including oil company Lukoil, digital service provider Rostelecom and diamond mining company Alrosa, as well as government agencies including the Ministry of Defence and internet regulator Roskomnadzor.  

Roseltorg is one of several Russian companies targeted by pro-Ukraine hackers this month. Recently a group of hackers with unknown ties claimed responsibility for breaching Rosreestr, a Russian government agency responsible for managing property and land records.  

  • Another hacker group, known as the Ukrainian Cyber Alliance, also claimed responsibility for a hack on the Russian Internet provider Nodex, which has confirmed the attack.
  • In a different exploit, the Ukrainian hacker group known as Cyber Anarchy Squad claims to have attacked a  Russian technology  company Infobis, which develops systems for planning, monitoring, and accounting of agricultural work.  

The hackers claimed to have exfiltrated 3 TB of data and destroyed part of the company’s infrastructure although Infobis has not commented on the alleged attack. 

Yellow Drift's asserts that it destroyed 550 TB of data as a result of their exploit, while Roseltorg say that it has recovered of all the missing data and is working to restore its trading systems and operations. 

Roseltorg   |   Yellow Drift   |    Record   |   CNews   |   SCWorld   |   Euromaidan

Image: Ideogram

You Might Also Read: 

 

 

 

« Remote Deletion Of Malware Enforced On Thousands Of Computers 
How SASE Fits Into The Modern Cybersecurity Landscape »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Cyscale

Cyscale

Cyscale automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

Q6 Cyber

Q6 Cyber

Q6 Cyber is an innovative threat intelligence company collecting targeted and actionable threat intelligence related to cyber attacks, fraud activity, and existing data breaches.

Stealth-ISS Group

Stealth-ISS Group

Stealth–ISS Group is your extended IT, cyber security, risk and compliance team, providing strategic guidance, engineering and audit services, along with technical remediation and security operations.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

Commission Nationale de l'Informatique et des Libertés (CNIL)

Commission Nationale de l'Informatique et des Libertés (CNIL)

The mission of CNIL is to protect personal data, support innovation, and preserve individual liberties.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

Robust Intelligence

Robust Intelligence

Robust Intelligence enables enterprises to secure their AI transformation with an automated solution to protect against security and safety threats.

ZEST Security

ZEST Security

The ZEST platform natively integrates into your technology stack to make efficient risk remediation possible.

True Corporation

True Corporation

True Corporation is Thailand’s leading Telecom-Tech company, empowering people and businesses with connected solutions that advance society sustainably.