Hackers landed on Atol
[ad_1]
The IT infrastructure of Atol, a major manufacturer of equipment and software for trade automation, was attacked by supposedly pro-Ukrainian hackers. As a result of the incident, the company’s website and IT resources were unavailable, and the internal data of its customers were posted online. The company acknowledged the hack, but assured that the attackers did not receive partner information. Hackers could encrypt the company’s data and ask for a ransom from it, experts say.
A malfunction occurred in the systems of the manufacturer of equipment and software for automating trade Atol, Kommersant discovered: the organization’s website stopped working on January 31, and the cloud cash desk portal for online trading also did not respond. In addition, information about the Atol data leak began to spread in specialized Telegram channels: the file contains 157.1 thousand lines of information about the company’s customers and partners, including personal data (email addresses, full names and telephone numbers) from the organization’s database. The total amount of allegedly stolen information is 9 GB.
LLC “Atol” — developer of specialized equipment (including cash registers) and software for automating the work of network and independent retail, as well as the service sector (cafes, hotels, etc.) and online cash registers. According to SPARK Interfax, the company is owned by Alexei Makarov and Irina Makarova (50% each). Revenue of Atol LLC in 2021 amounted to 4.8 billion rubles, net profit – 550.8 million rubles. In 2019, these figures were 7.8 billion and 709.5 million rubles. respectively.
Atol itself admitted that IT services had been hacked, “as a result of which less than 5% of customers and partners received spam messages, and a number of sites were unavailable.” The company assured that attackers did not gain access to client and partner data.
Atol’s clients include Rigla Apteka, Burger King and other major players. Burger King told Kommersant that they didn’t notice any problems in transactions: “But the systems that are critical for business and guests are duplicated in the company, so in case of failure or problems with one provider, transactions are automatically redirected to another.” Other Atol clients did not answer Kommersant. A source in the e-commerce market also says that “players did not notice any problems with transactions.”
A week before the incident, hackers carried out active DDoS attacks on Russian OFDs (fiscal data operators), which led to the inoperability of these services and failures in the transmission of fiscal data, says a Kommersant source in a large IT company: “The attacks continue this week, but they are already aimed at manufacturers of automation tools – developers of online cash registers and other types of cash registers. According to him, in the case of Atol, “data were leaked not only from customers, but also from 30,000 users of the forum where they discussed the operation of products, including account passwords.” A similar mass attack occurred on September 1, 2022, when electronic document management systems were affected (see Kommersant on September 1).
Most of the published data is dated January 31, which indicates probable access to the database server, says Ashot Hovhannisyan, founder of the DLBI leak monitoring service. The failure of the Atol sites, in his opinion, is connected “with a leak and restoration work.” Kommersant’s interlocutor in the cybersecurity market believes that pro-Ukrainian hackers from the IT Army of Ukraine may be behind the incident.
The attackers attacked Atol through the main website, and then blocked access to the databases by changing the connection credentials, Shamil Chich, an analyst at the IZ:SOC cyberattack monitoring and countermeasures center at Informzashchita, believes. In his opinion, the attackers could also encrypt the site’s data, and the information uploaded to the network is necessary to confirm the incident and request a ransom.
[ad_2]
Source link
