Main article: Digitalization of Russian Post
2025: During cyber exercises, hackers seized a Russian Post office
On November 19, Russian Post spoke about the results of verifying the first stage of building a cyber-resistant infrastructure in the organization. The verification took the form of cyber exercises held after the pilot implementation of more than 30 subsystems for protecting the IT infrastructure. Over 250 cybersecurity experts from 22 information security companies worked on the project, and its total labor costs have already amounted to about 100 man-years.
Verification was carried out by a team of 12 cybersecurity researchers from Jet Infosystems. They managed to hold out inside the infrastructure for 24 days of the month allotted for the research, but in the end they were detected and completely blocked. Then, as a further development of the attack, the seizure of a post office was simulated: the attackers were given full access to the equipment of one of the Russian Post offices. The results of the experiment satisfied the company.
The start of the active phase of the project to build a cyber-resilient infrastructure for Russian Post was announced in June 2025. Its goal is to protect strategically important infrastructure; over the 3 years of the project, protection should cover 38 thousand branches, 3 data centers, 11 logistics mail centers (LPCs), 28 critical infrastructure facilities and more than 100 thousand workstations. The project program is aimed at preventing cyber threats, ensuring the continuity of logistics centers and protecting the personal data of millions of customers.
Solar, as the general architect, developed a single process and architectural model, and ensured the coordination of all participants and control over the work. Positive Technologies ensured the effective cybersecurity of the corporate segment by implementing solutions for monitoring, vulnerability management and protection against targeted attacks. Kaspersky Lab focused on the cybersecurity of logistics centers, integrating subsystems to protect technological equipment and, in part, the corporate segment.
The project office of the general architect, Solar, which includes 15 experts, worked out 65 private technical tasks (out of 66 planned). In addition, under the guidance of the experts, 26 technical projects and other reporting materials were prepared and approved, a total of 350 thousand pages of documentation. At the moment, 121 out of 324 planned stages have been successfully implemented. In the future, it is planned to scale the project to the entire infrastructure of Russian Post, which will take another two years. After each year, it is also planned to carry out a similar verification (cyber exercises), but the testing period may be increased.
Effective cybersecurity for the corporate segment is being built by 76 specialists from Positive Technologies. The information security complex they created includes an information security event monitoring subsystem (MaxPatrol SIEM), a vulnerability management subsystem (MaxPatrol VM), an endpoint protection subsystem (MaxPatrol EDR) and a behavioral network traffic analysis subsystem for detecting hidden cyber attacks (PT NAD). Positive Technologies specialists have also developed more than 170 recommendations for strengthening the protection of the IT infrastructure and operating systems, tightening the configurations of the "golden samples" that will be installed on workstations in line with information security requirements.
Kaspersky Lab ensured the cybersecurity of the production segment: the sorting equipment and automation of the 3 largest LPCs in the Moscow region. The project involves a team of more than 100 specialists from different areas: engineers, project managers, developers, architects and researchers of technological equipment. The experts conducted a security analysis, developed protection measures, tightened OS and software settings to counter cyber threats and introduced Kaspersky Lab protection tools for the technology segment.
"We have completed the first stage of the large-scale cybersecurity transformation of Pochta, which, after its replication, will allow us to ensure reliable protection of infrastructure critical for millions of citizens and businesses," Roman Shapiro, head of the information security directorate of Russian Post, reported on the work done. "Our approach to implementation has become a unique example of cooperation of information security market leaders, and its results show high efficiency. We are confident that the further implementation of the program will allow us to reach the level of maturity necessary to prevent any scenarios for the implementation of strategic risks of the Company."
2024
Russian Post has begun a reboot of information security: "A program of projects of this complexity is being implemented in the country for the first time"
In 2024, Russian Post began developing a large-scale program for the integrated cyber protection of its systems. This was reported in the company's annual report, which TAdviser reviewed in early August 2025 and which includes the results of the company's information security activities. The program includes "dozens of interrelated and parallel projects."
"For the first time, a program of projects of this complexity is being implemented in Russia and requires cooperation and coordinated actions of all key players in the cybersecurity market," the report says.
The company clarifies in the report that the initiative is aimed at achieving "confirmed cyber immunity" to protect against strategic risks and cyber threats as the consequences of possible attacks become more critical.
Note that the concept of cyber immunity has been promoted on the market for more than one year, in particular by Kaspersky Lab, and not only in Russia but also globally. According to the authors of the concept, they have been very successful in this: according to a recent survey, the overwhelming majority (85%) of information security specialists interviewed in different regions of the world are already familiar with the term "cyber immunity."[1]
Kaspersky Lab subsequently became one of the key partners in the project, in which Russian Post plays the role of a testing ground for working out "the best practices in building cyber resistance." Solar Group of Companies and Positive Technologies are also taking part in the initiative, and in total about 20 leading players in the information security market have united to implement the program for building a cyber-resilient infrastructure for Russian Post.
According to the annual reports of Russian Post, the organization is taking measures to modernize its information security tools through an increase in the share of import substitution in the field of information protection. Continuous communication with information security vendors makes it possible to respond to changes in the IT landscape in a timely manner, including by adjusting configurations accordingly.
Among the results of 2024 in the field of cybersecurity is the choice of an approach in which 66 interrelated projects that define information security processes, and more than 30 subsystems that make up the comprehensive information security system of Russian Post, undergo external verification annually through the controlled implementation of cyber attacks on the company's infrastructure.
Also in 2024, measures were organized to digitally transform the local regulations (LNA) developed by Russian Post within the security, risk and compliance management subsystem (SGRC). As a result, the LNAs were decomposed into separate requirements for IT infrastructure elements and/or processes. This digital transformation makes it possible to present up-to-date information security requirements clearly, with an immediate reference to their source (the LNA), and to automate control over the fulfillment of requirements for IT infrastructure elements and/or processes.
The frequency of detailed external audits of the company's IT infrastructure was also increased, taking into account the specifics of how the monitoring center's specialists respond to such events. Analysis of the data obtained and of the auditors' conclusions makes it possible to quickly and efficiently develop the necessary measures in the field of information security and information protection, according to Russian Post.
In the reporting period, work was also organized to build an integrated information security system with the implementation of appropriate "pilot" projects in the field of IT infrastructure.
In addition, the function of countering fraudulent actions (anti-fraud) is concentrated in a single response point, and approaches to its activation are automated. Priority is given to excluding such risks in the implementation of the company's social programs, according to the annual report.
Russian Post is traditionally one of the most attractive targets in Russia for attackers and is regularly attacked. At the end of July 2025, in the wake of powerful hacker attacks on large Russian organizations, including Aeroflot and well-known pharmacy chains, a large-scale failure occurred in the work of the official website and mobile application of Russian Post. The company itself, however, did not publicly explain the reasons behind the technical problems.
Data breach of millions of customers
On December 5, 2024, it became known that the Russian Post database containing personal information about millions of customers was at the disposal of cybercriminals. This information can be used to organize various fraudulent schemes aimed at stealing money.
According to the Telegram channel "Information Leaks," as evidence of the hack, the attackers posted a fragment of the database containing 2128 lines in open access on the Internet. It includes data such as surnames and names, phone numbers and partial addresses (only postal code and region/city) of recipients of shipments, the SPI (barcode postal identifier), the type of shipment, its category, weight, size and cost, as well as the dates of transactions.
"Selective checking of random records from this fragment by SPI on the pochta.ru/tracking website confirms the reliability of the partial address and type of shipment," the publication says.
It is also noted that the full database dates from April 18, 2024 and contains more than 26 million lines of personal information. In addition to the listed information, it includes the telephone numbers and TINs of senders (the database contains only items sent by organizations and individual entrepreneurs).
Russian Post, according to TASS, initiated an inspection in connection with the incident. Experts are examining whether the published data fragment belongs to the 2022 leak, when about 10 million lines of information were stolen. At that time, the company said that the leak did not threaten the safety of customers, since it did not contain bank data.
"The company's specialists are now conducting an audit of the security of information systems and checking the published fragment for belonging to the leak in June 2022," representatives of the Russian Post say.[2]
The ex-head of the Russian Post department received 5 years in prison for embezzling 40 million rubles by manipulating a computer
The ex-head of a Russian Post department received 5 years in prison for embezzling almost 41 million rubles by manipulating a computer. This was reported by the press service of the FSB of Russia in the Republic of Sakha (Yakutia) on February 22, 2024.
According to the department's statement as reported by TASS, the woman (her name is not disclosed) was found guilty under Part 4 of Article 159.6 of the Criminal Code of the Russian Federation ("Fraud in the field of computer information committed on an especially large scale"; the maximum punishment is ten years in prison).
"It was established that the official deliberately, out of selfish motives, committed the theft of more than 40 million rubles by entering computer information using her official position, and disposed of the funds at her discretion," said the message of the FSB of Russia in the Republic of Sakha (Yakutia).
The court satisfied the civil claim to recover the stolen amount from the convict in favor of the federal postal service department. Once the verdict enters into force, the property seized from the defendant in the criminal case will be sold to compensate for the damage caused to the victim, the press service added.
Earlier, the department said that the accused came up with a scheme of "illegal charges by entering computer information into the 1C software." What exactly the scheme involved was not specified. The defendant pleaded guilty.
The Russian Post told Sakhapress that the theft was revealed by the company's security service.
"After an internal audit, all the collected materials necessary to initiate a criminal case were transferred to law enforcement agencies. The employee who allowed the abuse of office was dismissed," the postal service department said.[3]
2022: Russian Post moved from "paper security" to the introduction of comprehensive protection amid the growth of cyber attacks and the incident with the data center
In 2022, information security incidents affecting the information resources of Russian Post were observed. This is no longer "paper security," but an understanding of the need to introduce effective comprehensive protection, according to the cybersecurity section of Russian Post's annual report.
The company indicates that in 2022 there was a significant increase in information security incidents compared to 2021. In particular, by the end of the third quarter of 2022, the same number of incidents had been registered as in all of 2021. In the first and second quarters of 2022, the increased activity of "hacktivists of foreign states" led to a threefold increase in information security incidents.
The main cyber threats of the past year in the Russian Post include:
- malicious software;
- distributed denial of service attacks, including at the application level;
- penetration into corporate networks through the resources of contractors;
- APT attacks (Advanced Persistent Threat) on critical infrastructure and government agencies;
- actions of internal violators.
Distributed denial of service attacks on the information resources of Russian Post even led to the unavailability of the company's data center, according to the annual report. At the request of TAdviser, Russian Post chose not to comment on this incident and other points from the annual report related to information security.
Timely detection of and response to cyber attacks is provided by the Russian Post Information Security Monitoring Center. To ensure a round-the-clock response to cyber attacks, a shift of the Information Security Monitoring Center has been created. The information background is monitored on an ongoing basis for new information about cyber attacks, their methods, vulnerabilities and malware.
To block negative consequences in a timely manner, the company investigates incidents with the involvement of experts and interacts operationally with the Center of the State System for the Detection, Prevention and Elimination of Consequences of Computer Attacks of the FSB of Russia and with FSTEC of Russia. Information security is handled in a centralized manner: standards, regulations, and requirements for the IT infrastructure and the information security management system are the same for all territorial divisions and companies of the Russian Post group.
All information systems that are created and put into operation are audited for compliance with information security requirements, which makes it possible to control and promptly eliminate vulnerabilities in the system architecture. Compliance of systems already in operation is checked by both internal and external audits, as well as by information security regulatory checks. In 2022, in particular, 39 internal audits of information security were carried out.
In 2022, the Russian Post also completed the creation of a system for managing user identification information, granting the right to use the software.
To protect the information processed in the information systems of Russian Post in accordance with the requirements of the regulatory and legal documentation of the Russian Federation in the field of information protection and the regulatory and methodological documentation of FSTEC of Russia and the FSB of Russia, an agreement was concluded and executed for the supply of equipment and the provision of rights to use information protection software, the annual report states.
In addition, pursuant to Federal Law No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation," a list of the critical information infrastructure objects of Russian Post was approved, and they were categorized.
