QIWI is a Russian payments company that’s widely used in the CIS countries. NB65 claimed to have encrypted their SQL databases and Tele2Pay boxes and shut down their Hyper-V clusters. Also, they claim to have stolen the credit card details of millions of QIWI’s clients.
Hacking Russia’s Largest Payment
Ever since the war between Ukraine and Russia broke out, many started extending a hand to Ukraine in this struggle. This includes voluntary hackers who’re targeting Russian organizations and government entities. NB65 is one among them, which hit a document management operator Tensor, Russian space agency Roscosmos, and VGTRK, the state-owned Russian Television and Radio broadcaster. And now, it announced QIWI as its latest victim.
— NB65 (@xxNB65) May 1, 2022 QIWI is the largest payment service in Russia, often called the Venmo of Russia. It has a dedicated payment system, QIWI Bank, CONTACT money transfer system, etc as its services, and operates in Kazakhstan, Kyrgyzstan, Russian Federation, and Tajikistan. On early Sunday, the Network Battalion 65 (NB65) group announced hacking QIWI and encrypting significant infrastructure of it. It said, NB65 said this act is retaliation to QIWI’s recent press release, where the company stated not being affected by any sanctions so far. In addition to encryption of infrastructure, NB65 has also exfiltrated QIWI clients’ credit card information! Along with all your servers and DCs, we shut down your Hyper-V clusters and encrypted the images for you then encrypted all your SQL databases while we were at it.” This is about 12.5 million records and about 30 million payment records from the same database. Asking QIWI to contact them within 3 days, the hacking group said it will release 1 million records each day after this deadline.