PJSC Sberbank's security apparatus, in collaboration with Russian authorities, arrested three individuals for manufacturing and distributing 'Mamont,' an Android banking trojan spread through Telegram channels. The malware enabled illicit fund transfers from victims' accounts through the theft of banking credentials and sensitive financial data. Over 300 cybercrimes have been attributed to this scheme, comprising fraudulent transactions and unauthorized access to banking information. Authorities have seized equipment connected to the operation and taken legal action against the perpetrators, and investigations into potential accomplices are continuing.
TPRM report: https://scoringcyber.rankiteo.com/company/pjsc-rosseti-
"id": "pjs000032925",
"linkid": "pjsc-rosseti-",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "",
"explanation": "Attack with significant impact with customers data leaks: Attack which causes leak of personal information of customers"
{'affected_entities': [{'industry': 'Financial Services',
                        'location': 'Russia',
                        'name': 'PJSC Sberbank',
                        'type': 'Bank'}],
 'attack_vector': 'Android Banking Trojan',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Banking credentials and '
                                             'sensitive financial data'},
 'description': "PJSC Sberbank's security apparatus, in collaboration with "
                'Russian authorities, arrested three individuals for '
                "manufacturing and distributing 'Mamont,' an Android banking "
                'trojan that was spread through Telegram channels. The malware '
                "allowed illicit fund transfers from victims' accounts, made "
                'feasible by theft of banking credentials and sensitive '
                'financial data. Over 300 cybercrimes have been attributed to '
                'this scheme, comprising fraudulent transactions and '
                'unauthorized access to banking information. Authorities have '
                'seized equipment connected to the operation and have taken '
                'legal action against the perpetrators, continuing '
                'investigations into potential accomplices.',
 'impact': {'data_compromised': 'Banking credentials and sensitive financial '
                                'data',
            'legal_liabilities': 'Legal action against the perpetrators',
            'payment_information_risk': 'High',
            'systems_affected': 'Android devices'},
 'initial_access_broker': {'entry_point': 'Telegram channels',
                           'high_value_targets': 'Banking credentials and '
                                                 'sensitive financial data'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Manufacturing and distributing '
                                           "'Mamont' Android banking trojan"},
 'regulatory_compliance': {'legal_actions': 'Legal action against the '
                                            'perpetrators'},
 'response': {'containment_measures': 'Arrests made and equipment seized',
              'law_enforcement_notified': 'Yes'},
 'threat_actor': "Three individuals manufacturing and distributing 'Mamont'",
 'title': 'Arrests Made in Mamont Android Banking Trojan Scheme',
 'type': 'Malware',
 'vulnerability_exploited': 'Theft of banking credentials and sensitive '
                            'financial data'}