Golden Crown payment service was subjected to a DDoS attack

Hackers, according to market participants – Ukrainian, attacked the Zolotaya Korona money transfer system, which became especially in demand against the backdrop of complications in sending funds from the Russian Federation abroad and back. Cybersecurity experts note that the attack on the company’s resources was coordinated on shadow forums, while downtime threatens the payment system with direct and irreparable financial losses.

Hackers attacked the popular money transfer system Golden Crown (KoronaPay). Information about this is spread through profile chats in Telegram and on shadow forums. Kommersant’s interlocutors among cybersecurity specialists confirmed that the resources of the Golden Crown were “marked on shadow forums among the targets for hacktivists” as early as August 28.

“Calls to attack a company, as a rule, lead to a massive DDoS attack (a denial of service attack), which happened to the payment system,” says one of Kommersant’s interlocutors.

ServicePipe experts (protection of digital assets) confirmed a cyber attack, as well as service failures. Danila Chezhin, commercial director of ServicePipe, noted that the IT-army of Ukraine took responsibility for the attack on the Golden Crown. The volume of such attacks can reach 10 Gb / s, but this incident was less powerful, the company says.

The Central Bank of the Russian Federation and the Golden Crown did not respond to requests. Last year, the Mir payment system and its operator, the National Payment Card System, were subjected to a similar attack. The attacks, as experts noted, were coordinated “through the chats of pro-Ukrainian activists” (see Kommersant dated September 23, 2022).

Zolotaya Korona provides financial transaction services without opening an account and operates in Russia, the CIS countries, the European Union and a number of other countries. The system has existed, according to open data, since 1994, it became especially in demand after the outbreak of hostilities in Ukraine, when sending money from the Russian Federation abroad and back was seriously complicated, despite the fact that a significant number of Russians relocated to near and far abroad.

According to the Central Bank and the financial transfer systems Zolotaya Korona, Unistream and Contact, in 2022, individuals sent record volumes of money transfers from Russia to neighboring countries – about $23 billion.

“DDoS attacks are aimed at interrupting the work of the attacked services, and for payment systems whose entire business is built on the continuity of transfers, downtime brings direct financial damage,” warns Andrey Dugin, head of the cybersecurity services center at MTS RED. If clients cannot transfer money, the service does not receive interest, he explains, and these losses are irreparable: “If a client wants to pay now, and the system is down, he will not wait for it to restore work, but simply pay through another system and, maybe then he will switch to it. ”

Tatiana Isakova, Yulia Poslavskaya