Pickup Points at Moscow Online Delivery Service Hacked by Unidentified Cybercriminals

Unidentified threat actors compromised the network of Moscow-based delivery service PickPoint last week, unlocking package lockers across terminals throughout the Russian capital.

The attack, described by the delivery company as the “world’s first targeted cyberattack against a post-gateway network,” was discovered last Friday, when a failure in the checkpoint network’s operation led to the disabling of nearly 3,000 pickup terminals.

“Yesterday, 2,732 checkpoints suffered from the hacker attack, the rest of the network, about 8,000 points, is operating normally,” PickPoint said. “Recovery work is already underway and 95% of problem points will be repaired over the weekend.”

Luckily, the attack was detected early, and orders were not affected, the company said.

“Users whose purchases were in the affected checkpoints at the time of the cyber attack were notified about possible delays in receiving orders,” PickPoint added. “The restoration of postamats, subjected to the cyber attack on 04.12, is proceeding according to the schedule.”

No reports of package theft have surfaced. According to local media outlets, security officials quickly secured the smart lockers’ perimeter, safeguarding the contents.

Company employees picked up the parcels found in the compromised lockers. PickPoint emphasized that the packages will be relocated to the designated checkpoint, and customers will receive a standard SMS message containing the order code.

Russia’s first checkpoint delivery service was founded in November 2010, providing 9,500 check-in terminals and pick-up points across the country. As of 2019, more than 8.4 million people have been using the service to receive orders from various online retailers.