Inside Cyber Warfare

Inside Cyber Warfare

Share this post

Inside Cyber Warfare
Inside Cyber Warfare
JSC BIFIT Breached by GURMO Hackers
Copy link
Facebook
Email
Notes
More

JSC BIFIT Breached by GURMO Hackers

Remote banking network "iBank" serves over 2 million corporate and private clients

Mar 28, 2022
∙ Paid

Share this post

Inside Cyber Warfare
Inside Cyber Warfare
JSC BIFIT Breached by GURMO Hackers
Copy link
Facebook
Email
Notes
More
Share

Cyber operators working for GURMO (Main Intelligence Directorate of the Ministry of Defense of Ukraine) have breached JSC BIFIT, a Russian financial services company that enables remote banking.

BIFIT is a privately-held company whose product iBank and iBank 2 (remote banking software) is used by 40% of Russia’s banks. That translates into one million corporate clients and 1.5 million private clients according to the company’s website. The company employs just under 200 people and earned a Net Profit of RUB 249.5 million on revenues of RUB 788.1 million in 2020.

LICENSES

  • Development and production of confidential information protection tools, issued by the Federal Service for Technical and Export Control (License 1636 dated October 18, 2016)

  • Activities for the technical protection of confidential information, issued by the Federal Service for Technical and Export Control (License 3071 dated October 18, 2016)

  • Development, production, distribution of encryption (cryptographic) means, issued by the the Center of Licensing, Certification and Protection of State Secrets of the FSB of Russia (Licenses LSZ0016624 17568N dated November 22, 2019 and LSZ0016625 17572N dated November 26, 2019)

iBank Software Capabilities

iBank software enables commercial clients to conduct financial business with any of the banks on the above list from their PC or Mac computer or mobile device using a standard Internet connection.

Services include but are not limited to:

  • document signing and contract settlement

  • reports

  • currency control

  • payroll

  • corporate cards

  • money transfers using SWIFT, BCC, Bank of Russia, beneficiaries

  • online chat with bank employees

Documents

This is a list of Russian banks on the iBank network.

iBank Member Banks

This is a payment order initiated using BIFIT’s iBank software.

Online payment between banks using iBank on 03/18/2020 - Translated from the Russian

This is an email message sent from a bank officer to BIFIT with feedback on new SWIFT formats for the Ruble.

VTB Bank request to BIFIT to update SWIFT codes

This is a two-pager with instructions on what to do if fraudulent transactions are suspected.

This is an image of the application as the user attaches a mobile phone number to the bank account.

This breach of BIFIT, like the breach of VTB bank, has been done as part of an international hunt for hidden bank accounts belonging to Russian oligarchs. The funds in those accounts will be used to re-build Ukraine after Russia’s disastrous war.

Download

The download for BIFIT has 17 files, including English translations of the original documents in Russian whenever possible. This is only a fraction of what was taken, and is mean’t to serve as proof that the company and its software have been breached by GURMO’s cyber unit. Access to downloads are for paid subscribers only.

Keep reading with a 7-day free trial

Subscribe to Inside Cyber Warfare to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
© 2025 Jeffrey Caruso
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More