JSC BIFIT Breached by GURMO Hackers
Remote banking network "iBank" serves over 2 million corporate and private clients
Cyber operators working for GURMO (Main Intelligence Directorate of the Ministry of Defense of Ukraine) have breached JSC BIFIT, a Russian financial services company that enables remote banking.
BIFIT is a privately held company whose products iBank and iBank 2 (remote banking software) are used by 40% of Russia’s banks. That translates into one million corporate clients and 1.5 million private clients according to the company’s website. The company employs just under 200 people and earned a net profit of RUB 249.5 million on revenues of RUB 788.1 million in 2020.
LICENSES
Development and production of confidential information protection tools, issued by the Federal Service for Technical and Export Control (License 1636 dated October 18, 2016)
Activities for the technical protection of confidential information, issued by the Federal Service for Technical and Export Control (License 3071 dated October 18, 2016)
Development, production, distribution of encryption (cryptographic) means, issued by the Center of Licensing, Certification and Protection of State Secrets of the FSB of Russia (Licenses LSZ0016624 17568N dated November 22, 2019 and LSZ0016625 17572N dated November 26, 2019)
iBank Software Capabilities
iBank software enables commercial clients to conduct financial business with any of the banks on the above list from their PC or Mac computer or mobile device using a standard Internet connection.
Services include but are not limited to:
document signing and contract settlement
reports
currency control
payroll
corporate cards
money transfers using SWIFT, BCC, Bank of Russia, beneficiaries
online chat with bank employees
Documents
This is a list of Russian banks on the iBank network.
This is a payment order initiated using BIFIT’s iBank software.
This is an email message sent from a bank officer to BIFIT with feedback on new SWIFT formats for the Ruble.
This is a two-pager with instructions on what to do if fraudulent transactions are suspected.
This is an image of the application as the user attaches a mobile phone number to the bank account.
This breach of BIFIT, like the breach of VTB bank, was carried out as part of an international hunt for hidden bank accounts belonging to Russian oligarchs. The funds in those accounts will be used to rebuild Ukraine after Russia’s disastrous war.
Download
The download for BIFIT has 17 files, including English translations of the original documents in Russian whenever possible. This is only a fraction of what was taken, and is meant to serve as proof that the company and its software have been breached by GURMO’s cyber unit. Access to downloads is for paid subscribers only.
Subscribe to Inside Cyber Warfare to keep reading this post and get 7 days of free access to the full post archives.