Ukrainian hackers, working in collaboration with the country’s security services, the SBU, successfully breached Alfa-Bank, Russia’s largest private bank. The hacktivist groups involved, KibOrg and NLB, claimed to have accessed the personal information of over 30 million Alfa-Bank customers, including their names, dates of birth, account numbers, and phone numbers.
Notably, Alfa-Bank had been subjected to sanctions by the United States due to Russia’s invasion of Ukraine, and the bank is owned by Russian-Israeli billionaire Mikhail Fridman, who is under U.S. and European blacklists as part of efforts to restrict Russia’s economic activities and its wealthiest individuals.
The breach saw hackers release some of the stolen data, which included information about Mikhail Fridman and his son, as well as pro-Russian figures like blogger Artemy Lebedev and Russian rappers Timati and Basta. However, Alfa-Bank denied reports of the data leak.
A source within Ukraine’s security service confirmed their involvement in the operation, highlighting an ongoing collaboration between Ukrainian intelligence and hacktivists to support the country’s cyber intelligence efforts. Such efforts are crucial in helping Ukraine uncover details about Kremlin targets in the country, the movements of enemy troops, and how Russia circumvents Western sanctions, according to Illia Vitiuk, the head of cybersecurity at the Security Service of Ukraine.
Additionally, the hackers who infiltrated Alfa-Bank announced their intent to share the acquired data with investigative journalists. They also claimed to have engaged Ukrainian YouTube blogger Evgeniy Volnov to inform Fridman about the hack, with the alleged conversation between Volnov and Fridman published on their website. The response from Alfa-Bank remains undisclosed at this time.
It’s worth noting that the NLB hacking group had previously claimed responsibility for cyberattacks on other Russian financial institutions, including MTS Bank and Sberbank, adding to concerns about cybersecurity threats in the region and the implications of such incidents for international relations and financial security.