Russia's Federal Customs Service, Considered Critical Infrastructure, Has Been Hacked By Ukraine
Customs officers had to switch to paper forms for at least three days
On April 10, 2023, Cyber elements attached to Ukraine’s military successfully breached and disrupted the newly installed Unified Automated Customs Information System (UAIS TO) that cost an estimated 780 million rubles.
According to its official website, the Federal Customs Service is a federal body of executive authority responsible for exercising control and supervision over customs clearance in accordance with Russian legislation. The service acts as a currency control agent and has special functions in fighting illegal traffic, other related crimes, and administrative offences. It’s director, Vladimir Bulavin, who was formerly the Deputy Director of the FSB, is under sanctions by the U.S., Canada, and the UK. Bulavin is also a member of Russia’s Security Council.
FCS has been classified as critical infrastructure by Presidential Decree as of March 30, 2022 - No. 166 "On Measures to Ensure Technological Independence and Security for critical information infrastructure of the Russian Federation," which prohibits the use of foreign software at critical information infrastructure facilities as of January 1, 2025.
The attack was reported on April 11 by smaller Russian news outlets like Port News and New Day News, both of which minimized the impact with claims that service has been restored.
Those claims were debunked on Alta Soft’s website - Alta.ru - by customs workers who mocked the official announcement that everything was back to normal. Alta-Soft is the company that built the UACI system for FCS. Fortunately I took a screen capture of the comments yesterday because today, as I write this post, the entire site is down.
This is an image capture of the announcement, and below it were 42 comments as of mid-afternoon yesterday. Here are a few of them.
(Anonymous poster): “The problem is not resolved. delays at the CITTU level.” 07:38 04/10/2023
(Basil) “Nothing works (“ 09:45 04/10/2023
(Tatyana) “Nothing works. Early in the morning served. Everything is gone, but there is no registration. Now requested status. “DT transferred to the post”. That’s all.” 11:46 04/10/2023
(Artem) “I stand at Customs. Everything is dead.” 09:56 04/11/2023
(name illegible) “Roast the second day is dead” 20:54 04/11/2023
A .pdf of my capture with all of the comments, plus additional information on the ICT infrastructure of the FCS follows for paid subscribers.
If you’re in the DC/MD/VA area, don’t miss our two day Intelligence, Risk, and Future Threats Salon and Workshops. The Salon will be held at the Annapolis Maritime Museum on May 4th and the workshops will be at the Naval Institute on May 5th. Attendance on May 4th is free to all Government and Military employees.
Annual or monthly paid subscribers may use coupon code ICW10 for a 10% discount.
Keep reading with a 7-day free trial
Subscribe to Inside Cyber Warfare to keep reading this post and get 7 days of free access to the full post archives.