QIWI is a Russian payments company targeted by the NB65 hacking group amid the Ukraine-Russia war.
NB65 encrypted QIWI's SQL databases and Tele2Pay boxes, shut down its Hyper-V clusters, and stole the credit card details of millions of QIWI's clients.
The exfiltrated data reportedly contained 12.5 million records and about 30 million payment records from QIWI's database.
Source: https://techdator.net/nb65-hackers-stole-qiwi-credit-card-data/
TPRM report: https://scoringcyber.rankiteo.com/company/qiwi
"id": "qiw13831522",
"linkid": "qiwi",
"type": "Cyber Attack",
"date": "05/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Millions',
                        'industry': 'Payments',
                        'location': 'Russia',
                        'name': 'QIWI',
                        'type': 'Company'}],
 'attack_vector': 'Encryption of Databases and Systems',
 'data_breach': {'data_exfiltration': ['Yes'],
                 'number_of_records_exposed': ['12.5 million',
                                               '30 million payment records'],
                 'sensitivity_of_data': ['High'],
                 'type_of_data_compromised': ['Credit Card Details']},
 'description': 'QIWI, a Russian payments company, was targeted by the NB65 '
                'hacking group during the Ukraine-Russia war. The attack '
                'involved encrypting SQL databases and Tele2Pay boxes, '
                'shutting down Hyper-V clusters, and stealing credit card '
                "details of millions of QIWI's clients.",
 'impact': {'data_compromised': ['Credit Card Details'],
            'payment_information_risk': ['High'],
            'systems_affected': ['SQL Databases',
                                 'Tele2Pay Boxes',
                                 'Hyper-V Clusters']},
 'motivation': ['Financial Gain', 'Disruption'],
 'ransomware': {'data_encryption': ['Yes'], 'data_exfiltration': ['Yes']},
 'threat_actor': 'NB65',
 'title': 'Data Breach and Ransomware Attack on QIWI by NB65',
 'type': ['Data Breach', 'Ransomware']}