NB65, a hacking group that has recently been targeting various Russian organizations, has just announced QIWI as its latest victim.
QIWI is a Russian payments company that’s widely used in the CIS countries. NB65 claimed to have encrypted its SQL databases and Tele2Pay boxes and shut down its Hyper-V clusters. The group also claims to have stolen the credit card details of millions of QIWI’s clients.
Hacking Russia’s Largest Payment
Ever since the war between Ukraine and Russia broke out, many have extended a hand to Ukraine in this struggle. This includes volunteer hackers who are targeting Russian organizations and government entities.
NB65 is one of them. It has hit document management operator Tensor, Russian space agency Roscosmos, and VGTRK, the state-owned Russian television and radio broadcaster. Now it has announced QIWI as its latest victim.
Hi Qiwi (they have a twitter account lol lets see how long it takes). We rolled up and smoked ~10.5TB of backups.
Your company has been dealt with by Network Battalion 65. We recommend you contact us if you want to survive this… You guys are super fucked. #SlavaUkraini #FCKPTN pic.twitter.com/OWI6r8hn1P
— NB65 (@xxNB65) May 1, 2022
QIWI is the largest payment service in Russia, often called the Venmo of Russia. Its services include a dedicated payment system, QIWI Bank, and the CONTACT money transfer system, among others, and it operates in Kazakhstan, Kyrgyzstan, the Russian Federation, and Tajikistan.
Early on Sunday, the Network Battalion 65 (NB65) group announced that it had hacked QIWI and encrypted a significant part of its infrastructure. It said:
“Your Active Directory forest in multiple site-to-site connected networks have all been encrypted with our vastly improved ransomware kit.
Along with all your servers and DCs, we shut down your Hyper-V clusters and encrypted the images for you then encrypted all your SQL databases while we were at it.”
NB65 said this act is retaliation for QIWI’s recent press release, in which the company stated that it had not been affected by any sanctions so far. In addition to encrypting infrastructure, NB65 has also exfiltrated QIWI clients’ credit card information!
This amounts to about 12.5 million records and about 30 million payment records from the same database. Asking QIWI to contact them within 3 days, the hacking group said it will release 1 million records each day after this deadline.