What We Learned from a Hacker Attack on the Russian Military Registry Developer

On the evening of December 5, 2025, Mikord employees gathered at a bar in Kazan, Russia. The company's infrastructure had been compromised, and its website, social media, and internal systems were under the control of hackers. The employees noticed this six hours later, when they saw the hackers' post on Mikord's Instagram account. 

“Seems like there's a reason why everything is down”, one of Mikord's testers wrote.

“You think so? Looks bad. [...] We're screwed”, replied a colleague.

“Who are the journalists they're going to pass the data to? No one is going to write about this”, the tester concluded.

The Kazan-based company Mikord is one of the key developers of the Unified Military Registry (UMR). Hackers gained access to its internal documents and passed the data to the Get Lost human rights project, which, in turn, passed it on to IStories.

We examined more than 100 gigabytes of Mikord's technical documentation and correspondence and spoke to its employees and government supervisors. Two independent technical experts also analyzed the data at our request.

We share the key details about how the registry works and how it was created.

“As soon as we started working on the military registry project, hackers were after us”. How did a company from Kazan become a key developer of the registry?

“As you know, we’ve been hacked. The breach is very serious. Our entire infrastructure has been taken down. They destroyed everything — Jira, Confluence, Git... There is nothing left. Only the source codes on your computers remain”, Ramil Gabdrakhmanov, the CEO of Mikord, said at the beginning of a conference call with his employees on December 8. “We used to work in peace. As soon as we started working on the military registry project, hackers were after us”.

Mikord spent 18 years operating smoothly. It was founded in 2007 by an IT entrepreneur from Kazan, Alexander Nikolaev. In its initial years of operation, the company would generate modest revenue from some government contracts in Tatarstan and its business products sales.

In 2016, Mikord was contracted to create a unified registry for the civil registry offices. This project automated the work of the civil registry offices in Russian regions and consolidated the once handwritten data into a single digital system. The company also worked on dozens of large government services, such as Russia’s state atomic corporation Rosatom's corporate system, the Tatarstan database of disabled people, the Work in Russia website, etc.

The secret to Mikord's success probably lies in the ties of the company's founder, Alexander Nikolaev, who owned it and served as its CEO until the end of 2017 (although the firm is still linked to his group of companies). He used to run a joint business with Nikolai Nikiforov's wife. Nikiforov was the Minister of Communications of Tatarstan, then held the same position at the federal level, and later became a board member of one of the biggest telecommunications companies in Russia, Rostelecom. It was during Nikiforov's tenure as the Russian Minister of Communications that Mikord got its first contracts for large government projects.

In 2024, Mikord was brought in to work on the military registry project. The contracts are not publicly available, but in the leak, IStories has found an additional agreement that suggests that Mikord effectively joined the development of the registry in February 2024. The agreement with Mikord was contracted by RT Communications Systems (RT SK), a Rostelecom subsidiary. During its work on the registry project, Mikord had received at least 377.5 million rubles ($5 million approx.) from RT SK.

Mikord's being selected as a subcontractor might be related to the company's previous projects: it had previously created a special module for the state security services in the civil registry that would allow to delete certain people from the database. This was discussed during a working conference call between Mikord, RT SK, and Solar, a subsidiary of Rostelecom responsible for the project's security.

Evgeny Bazarin, Solar Security: Have we ever worked with Mikord? How secure are they? How do they develop this code? Do they have any security policies? Is it a reliable, trusted company?

Alina Safiullina, project lead on behalf of Mikord: Yes, we are reliable and trusted.

Vladimir Korolev, Rostelecom Vice President: Our colleagues have the relevant experience, which is why we brought them onboard. They had participated in the civil registry project and created a linking module (a component that can be used for deleting the data about any person from the registry permanently — Ed.) for our ministries (meaning the intelligence and law enforcement agencies: FSB, FSO, SVR — Ed.). They will be doing roughly the same thing, which is why they're here.

As a result, Mikord started working on several components of the registry at once — a digital conscription notice service, the analytical reports for the military personnel at all levels up to the Ministry of Defense generals, and the module for the intelligence agencies. The registry component functionality is described according to the technical documentation. Some requests might have been altered upon the implementation or updating of technical specifications.

“They are not just another subcontractor; they provide Rostelecom with their technology. They have a product called Web-BPM (a low-code development platform — Ed.). Quite a few things have been done in the registry using it, including the stuff not developed straight by Mikord”, the hacker who has studied the registry's developer tools says. “The company is quite extensively involved in the development of the registry. Even the teams that are not directly related to what Mikord is currently doing include Mikord's testers”.

“It is prohibited to send documents in Telegram chats”. How the hacking happened

According to the government's schedule, the digital military registry was supposed to start operating in 2024, but its launch has been postponed several times. The Ministry of Digital Development explained this, among other things, by “the strict requirements for information security and the infrastructure being created”. 

The developers of the registry did not comply with these strict security requirements themselves. Back in July 2024, Mikord employees were asked not to share the working documents and access data in messengers, but the leaked materials show that both ordinary employees and project managers would ignore this request.

“Your boss makes you go to the office and clock in from there. So what do you do? You ask a colleague to log into your work computer with your password and clock in for you. They had been doing this so often that we got tired of logging into their computers with their passwords and downloading everything”, the hacker attack participant told IStories.

As a result of the attack, hackers gained access to Mikord's source code, working documentation, and correspondence, including that with Rostelecom and the clients from the defence ministry. They got the RT SK documents as well. 

The hacker group has destroyed Mikord's entire infrastructure — more than 80 servers and 43 terabytes of data (including 12 terabytes of backups) and left, in their words, “a couple of surprises in store for the future”. According to the hackers’ estimates, it could take months to restore Mikord's work to its previous stage.

The CEO of Mikord, Ramil Gabdrakhmanov, confirmed the destruction of the company's infrastructure in an internal conference call after the attack. He told employees that they would not be able to work until mid-December at least. Both Mikord employees and RT SK developers have been temporarily unable to continue working on the registry, as their access to the infrastructure has been disabled, according to this call.

If the employees have a local copy of the repository, it won't be that difficult to restore the code itself, an independent tech expert told IStories. But if the government customer refuses to keep working with Mikord because of the hack, it could slow the development down since they'll have to find a new contractor. They will have to either delve into the technology developed by Mikord or rebuild it using other frameworks.

The main reason for the success of the attack was the developers' and the management's low level of expertise, says one of the hackers: “There is a registry you want to develop at a cost of several billion rubles (tens of millions of dollars). It was due yesterday. So you find some random company in Kazan that pays its employees 30 to 60 thousand rubles ($400 to $800 approx.) a month and makes them work on weekends and at night. It can do it quickly and at a low cost”. 

An independent expert who examined the code at the request of IStories confirmed the low quality of Mikord's code. “The code is not very good and is poorly covered by tests”, he concluded. “There is little unique code there; everything is based on their internal framework, which has probably not been significantly updated”.

In addition, the sanctions contributed to the success of the hack. “Several vulnerabilities were solely there because of the sanctions. For example, after the invasion began (in February 2022), the firewall license (a subscription that activates additional device protection — Ed.) expired on their VPN gateway, and this was one of the reasons we were able to get into their network. Moreover, they use an outdated, no longer supported Windows 10 version and do not update it, probably also because of sanctions”, a member of the hacker group said.

“The bunker needs the dashboard by 5 p.m.” The “civilian” supervisors of the registry

The formal customer for the registry was the Ministry of Digital Development, Communications and Mass Media, while the functional customer — that is, the one that will use the finished system — was the Ministry of Defense. In reality, many more government agencies have been involved in the project. 

For example, the Analytical Center under the Russian government provided recommendations on the registry development. It would approve the matters of the project's architecture, personal data storage, etc. In the spring of 2024, the center conducted a confidential assessment of the user-friendliness of the registry. The reviewers rated the “level of compliance with the principles of customer focus and ergonomics” as ‘poor’: “The service evokes negative feelings when interacting with it. Approval for commercial operation: denied”. 

The work has been personally evaluated by the Prime Minister Mikhail Mishustin (at least twice), Defense Minister Andrei Belousov, and Minister of Digital Development, Maksut Shadayev. The progress on the registry was also to be presented to the Presidential Administration.

“Hello everyone! There will potentially be a presentation at the Presidential Administration tomorrow! I'm figuring out the details. We're getting ready”, Rostelecom’s Alexander Martynchenko wrote to Mikord employees in May 2025.

The displays to government officials were tense and problematic. “Today's presentation might be delayed. For now, it's been postponed to 8:30 pm, because the presentation for the prime minister might not start at 6. The bunker (probably referring to the government's coordination center across the river from the Russian Government House building — Ed.) needs the dashboard by 5 pm”, wrote Yulia Levitskaya, the government's registry development supervisor.

The dashboard mentioned by Levitskaya would track the draft campaign status for each military enlistment office — the number of conscription notices sent, the appeals filed, etc. Following the presentation, the developers were reprimanded. “We just had a meeting with the government and got slammed, big time”, wrote Alina Safiullina, lead of the project development on behalf of Mikord.

Three weeks later, she sent a new schedule of government and defence ministry presentations to the work chat and asked the developers to speed up the fixing of the issues. “That's impossible, I'll say that right away...”, one of the developers replied.

Discussions among the registry development team indicate that Yulia Levitskaya, a head of the Department of Project Activities for monitoring the so-called “national projects” in the government, was one of the key decision-makers in the project:

Vladimir Korolev, Rostelecom: We haven't shown it to any of our customers yet. Who will be the main participant in the discussion here? 

Dmitry Kurochkin, project lead at RT Labs: Levitskaya and Biryukov [representative of the Ministry of Defense] will be involved. Any other working groups that do not include these people... their decisions will not be considered as requests.

Levitskaya was the one responsible for presenting the registry to senior officials. In a conversation with IStories, she denied her involvement at first, but then admitted that she was “involved with the registry”. She says this system will make life easier for Russians: “It will let people avoid going to the recruitment commission when they don't need to. It will make life much easier and reduce social tension. People don't understand why they are being called up and don't go because they are simply afraid that they will be taken somewhere. There is a lot written about this on the internet, I've read it”.

Levitskaya claims that the registry will not be used for mobilization. “The registry has nothing to do with war. It is a civil matter in peacetime. This has been written, spoken, and stated many times”, she told IStories.

“The business tasks of the Minister of Defense”. How the registry is being prepared for mobilization

In May 2024, the very same Yulia Levitskaya was giving developers the instructions that contradict her statements.

“The mobilized, the contract [soldiers], and [soldier] volunteers are the three business tasks that the Minister of Defense may need to deal with (in the latest versions available in the leak, the 'volunteers' category has been dropped — Ed.). Therefore, it would be good for us to show the potential number of those who could be conscripted during the mobilization, those who are potentially eligible for contracts [to take part in the war], and those who could potentially volunteer [as soldiers]”, she would describe the desired functionality of the dashboard “for the General”. This is a component of the registry that was created specifically for the Minister of Defense. 

The possibility of using the registry for future mobilization is also specified in the latest available version of the technical specs for the registry, written in August 2024. The notice to come to the draft board during the mobilization can be sent to men aged 18 to 70 and women aged 18 to 50, except for those imprisoned. “The number of conscription notices that can be sent should be unlimited”, the document states.

The “general's” dashboard, so much anticipated by the authorities, was also developed by Mikord. Its development has been in progress since May 2024, at least. One of the biggest challenges for the team was the functionality of searching for citizens by full name and various criteria. The search feature had already been available in the registry, but the Ministry of Defense demanded that it be reimplemented in the “general's” dashboard. “This is an interface for the big bosses who think it's beneath them to use a regular interface”, Rostelecom Vice President Martynchenko explained to the Mikord team.

The main page of this dashboard contains the key indicators for the Ministry of Defense: how many Russians are subject to mobilization and conscription for military service, and how many meet the criteria to sign a contract to participate in the war.

The criteria for displaying the number of those mobilized on the “general” dashboard are stricter than the criteria specified in the technical specifications. Men are supposed to be aged 30 to 50 and women aged 30 to 45; they must have fewer than five children under the age of 16 (in case they do have more than 5 children, their mobilization is to be deferred). Presumably, in case of mobilization, they are the first to be called up. The criteria for the contract soldiers are also simple: men between the ages of 18 and 50 who are not registered with a psychoneurological dispensary or as HIV-positive.

With the dashboard, the Defense Ministry can quickly check how many conscription notices have been sent out, how many deferrals have been granted, and how many recruits have shown up.  

However, the overly sensitive data is not displayed even in the Ministry of Defense's internal system. The registry developers are prohibited from displaying the data on the number of Russians removed from the registry due to leaving the country and losing their citizenship. “This is classified information, which, as we were told, cannot be stored or displayed on dashboards either”, said Dmitry Kurochkin, project lead at RT Labs, during one of the conference calls.

“We got slammed this morning”. How the tests went at the Ministry of Defense

“They want to sign me up for some bullshit. ‘Writing requests based on criteria we can't cross-check with the system data.’ [...] Why do they need me for this? I don't get it. Just to sit around and watch, instead of doing something useful”, Ruslan Gaztdinov, an analyst for the project, said during one of his working trips to the Ministry of Defense where he went to test the registry. 

The RT SK and Mikord employees started going to the ministry regularly to do the early tests of the registry back in 2024. The tests were to be conducted at three locations:

• GOMU (Main Organizational-Mobilizational Directorate of the General Staff of the Russian Armed Forces) — Moscow, Frunzenskaya Embankment, 22/2; 
• TSOD-1 (Ministry of Defense data center in Moscow) — same address;
• TSOD-2 (Data center in Yekaterinburg, Vostochnaya Street, 60).

According to the correspondence, it was the Frunzenskaya Embankment where Mikord employees went to demonstrate and test the registry components.

At the Ministry of Defense, they would report to Andrei Biryukov, head of the GOMU and the husband of Yulia Levitskaya, who oversees the registry on behalf of the government. According to the leaked correspondence, the developers seemed to be afraid of it. But it did not prevent them from being careless about security while testing the registry at the ministry.

“Dear colleagues, the Ministry of Defense has uploaded the personal data [to the registry]. The 8th [Eighth Directorate of the General Staff of the Armed Forces, which is in charge of protecting state secrets] prohibited working on [unprotected] laptops (yesterday), but the testers still do. There's a scandal brewing at the Biryukov level”, the developers discussed. 

From April to November 2025, Ruslan Gaztdinov traveled to Moscow on business trips at least four times. He even spent his 28th birthday at the Ministry of Defense. “Happy birthday, Ruslan! I wish you to be happy. You are a great guy!” wrote his project lead, Alina Safiullina, just to immediately bring him back to reality: “Yesterday’s edit needs to be checked again in the presence of the military. We got in trouble for it this morning”.

Gazdinov's last business trip to the Ministry of Defense of those known from the leak, took place at the end of November 2025. The Mikord employees went to Moscow without a ticket back. “Well, I guess I'll go on Monday and stay for two days (there's no fucking way it's going to be just two days)”, Gaztdinov complained to a colleague. On November 19, he left the Ministry of Defense at 2 a.m., and on November 21, at 4 a.m. 

Mikord’s deputy director, Natalia Soboleva, promised Gaztdinov a bonus for the overtime:

“It needs to be merged by morning [...] Let's try, please. I'll talk to Ramil [Gabdrakhmanov, CEO of Mikord] about the bonus, but we need to finish the DB [dashboard]”.

“Well, I hope it won't take long, I just haven't slept properly for three days”, Gaztdinov wrote. 

“I haven't slept properly for three months”, Soboleva replied. “We just need to submit the 12 criteria, and they'll leave us alone [...] we'll get Biryukov's signature”.

A couple of days after returning from this business trip, Gaztdinov spoke to Soboleva about a raise — he asked for his monthly salary to be increased from 100,000 rubles (approx. $1300) to 135,000 rubles (approx. $1700).

“People we would rather not expose”. How the “right people” are removed from the registry

“Our highly respected supervisory agencies”, as Rostelecom Deputy Vice President Vladimir Korolev repeatedly referred to the intelligence services in conference calls, “operate with the concept of personal data, and with sensitive data as well. Some analytical reports may expose people [in the registry] we would rather not expose”.

In order not to “expose” such individuals, the registry has a special module called the Unified Linking Component (ULC). This tool was created to verify and process information added to the registry from external databases. The module allows to remove certain individuals from the registry without a trace, anonymize them, or replace their data with fabricated information, as well as to cancel the conscription notices sent to them and the restrictions, usually applicable to the conscriptees, imposed on them, or to hide them from the draft lists.

On January 9, 2025, an explanatory note describing the implementation of the module in detail was approved. It states that all data submitted to the registry must first be blocked for three days. During this time, the module operators check the data and, if necessary, change the person's details so that they cannot be identified, or remove the people they want. “If we need to delete or disguise data about a particular citizen, we go through all the records and change their surname everywhere”, Yuri Kiryanov, the chief architect of the registry, explained while describing the principle of “editing or depersonalizing” data during the development stage. People can be deleted either en masse, by uploading an entire list, or selectively.

The documents do not explicitly state who exactly is to be protected from conscription with the help of the module. The government decree on the creation of the registry states that work with the data must take into account the security of the Ministry of Defense, the FSB, the FSO, the SVR, and the Ministry of Internal Affairs personnel, as well as people subject to state security and their family members. This is a wide circle including judges, prosecutors, investigative officers, active military personnel, customs and tax officers, members of the government, and their families. The technical specifications for the registry also state that it must not contain records on security service personnel.

Military registration for the employees of law enforcement bodies (the Ministry of Internal Affairs, the Rosgvardia, the Federal Penitentiary Service, the Ministry of Emergency Situations, etc) has been separate for a long time. The concept of separate military registration first appeared in Russian legislation in 1995, but the practice of exempting the security and intelligence personnel from registration within the recruitment offices was first introduced in the USSR era. 

The module is designed to ensure that any manipulation of data cannot be traced: even the information about the records being deleted is subject to deletion. The customer and the project team call this “evidence-free” processing of “protected individuals”. This makes the process uncontrollable, which means that, in theory, anyone can be hidden from the registry.

“The module ensures complete invisibility of the interactions with the subsystem”, explains the hacker attack participant who examined the registry development architecture. “All the audit and logging functions are disabled both in the registry code itself and in the third-party components (e.g., the cryptographic gateway, the databases, the network equipment). It is done to ensure that working with the module leaves absolutely no trace of who manipulated the registry or what data was manipulated. This is primarily protection from the internal staff: usually, the logs are read by security administrators and other internal personnel”.

The requirements for the “no-evidence integrity” even led to disputes between the security services and the Ministry of Defense. “The regulators (as the security bodies are called in conference calls — Ed.) are eager to discuss this with the Minister of Defense and say: 'Guys, leave no history in the logs, there should be no fucking trace left'. But the opinions of the supervising agencies were divided”, said Vladimir Korolev, Rostelecom's deputy vice president, in a conference call with developers in July 2024. 

Mikord joined the development of the module no later than May 2024. That's when a chart showing how this module is supposed to work appeared in their internal knowledge base in Confluence. The name of the Ministry of Defense department responsible for monitoring and analyzing incidents can be seen there.

It is this department that will be examining all data entered into the registry and removing the required individuals from there. The information on who needs to be removed is sent to the department by the FSB, FSO, and SVR. In one version of the documentation, Rosgvardia is also listed among the security agencies. At work meetings, the developers of the registry directly refer to the ULC as a module for the “supervising agencies” — the security services.

One can only access the module while physically present at the Ministry of Defense. One of the latest versions of the technical specifications mentions that to ensure this, seven computers will be installed in the ministry's data centers, five in Moscow and two in Yekaterinburg.

The implementation of this module has affected the work of virtually all parts of the registry. It has even made the developers of the legal entities' personal account section unhappy (the personal account is where companies are supposed to submit info about their employees to the registry). 

During one of the conference calls, they discussed that an employer might potentially try to add a person that the security services do not want to see in the registry. At the same time, the feedback about which employees are accepted by the system and which are not could compromise the “protected individuals”.

“They [legal entities] will find themselves in a trap. [...] Six million organizations will complain that we have created a shitty system [...] the developer will always be the scapegoat”, argued Alina Safiullina, project lead on behalf of Mikord.

Vladimir Korolev, Rostelecom's deputy vice president, replied: “You're looking at it from the user's point of view, but when the Ministry of Defense looks at it, the supervising authorities [In this context, the security services] are added to the picture. Their positions are contradictory: the Ministry of Defense wants to thoroughly count everyone, but the regulators don't want it to happen”. 

“I'm just shocked by what they're doing”, Alina Safiullina later complained to the Mikord staff. “In the end, they'll have to go on walking there [to the military registration office to submit information about employees for military registration] physically just as they did before”, Bulat Khairullin replied. However, Mikord employees decided not oppose the customer actively nor stop working on the “shitty system”.

In April 2025, the module functionality was demonstrated to the government, including the data deletion feature. “We'll need to put the module on a separate machine, a laptop, and show it from there: show the visuals and the data deletion feature”, said Yulia Levitskaya. A month later, the module was being prepared for submission to the Ministry of Defense. 

The current status of the module is “in development”, according to the RT SK (another developer of the registry) Confluence knowledge base. 

“It’s not about ‘whether’ it leaks, It’s about ‘when’ it leaks”. Is the data in the registry itself protected well? 

The Mikord hacker attack does not mean that hackers have penetrated the military registration registry itself and can delete data on conscripts from it, as there is no external access to it. The registry data is stored separately from Mikord in a closed network that cannot be accessed directly from the internet or from a regular office network, and all entries and exits are filtered and recorded, explains a member of the hacker group. To gain access to this network, you need to go through an interview with an FSB employee and obtain a special laptop and flash drive.

From this description, it might seem that the data in the registry is securely protected, but this is not actually the case. The way the registry works has two serious vulnerabilities.

The first is the excessive amount of information stored, which makes it an attractive target for fraudsters, debt collectors, security services, and anyone else interested in the personal data of tens of millions of Russians.

“The main principle that determines the security of such systems is the principle of minimal sufficiency”, the expert says. “That is, the system should collect, store, and process only the data necessary for its operation. In this registry, all imaginable data is collected. Therefore, if you have physical access to the closed part of the registry and, for example, the passwords to its backup database, you can simply download all this data. It's not about ‘whether’ it leaks, it's about ‘when’ it leaks”. 

The second vulnerability is the ULC module itself, as the people with access to it can download any data from the registry with no fear of being noticed, because no traces of these actions remain in the system. 

The hacker attack on Mikord probably affected the client side of the registry — the website where Russians can find out about the conscription notices issued to them and the restrictions imposed. On December 5, after the company's infrastructure was compromised, a message about ongoing “technical works” appeared on the website. By the evening of December 10, the conscription notices registry was back up and running. Get Lost, an organization helping Russians evade conscription, reported that during these 5 days, it didn't receive a single message about anyone receiving a digital conscription notice.

“Digital Gulag” at a click. How the military registration registry works

The mobilization campaign in the fall of 2022 clearly showed the Russian authorities the weaknesses of the analog military registration system. Military registration offices did not have up-to-date information about Russians; it was not possible to deliver conscription notices to everyone, and it proved impossible to control those called up leaving the country. Over the past three years, Russia has almost completed the development of a system that can be used for a new and more effective mobilization campaign. 

The leaked documents show that the digital military registration system is designed to store the data on 25 million citizens — Russia's entire mobilization capacity. The registry contains more than 300 different fields of information about each person: education, place of work and residence, information about children, illnesses, property, etc. The registry's capacity allows it to send up to one million conscription notices per year, and 600,000 requests to impose and lift restrictions on citizens who have not appeared at the enlistment offices after getting the notice. Human rights activists call this system a “digital Gulag”.

“Once the registry is fully operational, it will be impossible to do anything in your life without leaving a trace there”, one of the hackers interviewed by IStories commented. “Every action will result in the enlistment office receiving [the up-to-date] information about you. It will become very difficult to evade conscription”.

IStories had a look at the guidelines that RT Labs developers wrote for the enlistment office staff in February 2024. Back then, the digital registry was being tested in the Lipetsk, Ryazan, and Sakhalin regions. These documents show how Russians should be registered for military service, sent conscription notices, prevented from leaving the country, and subjected to other restrictions.

Despite the digitization of the registration system, the conscription activities cannot be carried out without human involvement. The military registration office employees manually select the conscripts who will get the conscription notices. According to the documentation for the registry, there is no mechanism provided to automate this process. To send the draft notices to conscripts, the military commissar has to make a few more clicks—he signs the notices electronically, and then citizens receive notifications in their accounts in the conscription registry and on the Russian public services portal Gosuslugi.

According to the law, a person is prohibited from leaving the country as soon as a conscription notice in their name appears in the registry. For this, the military commissar must digitally sign the travel ban and send it to the FSB, according to the technical specifications and instructions for the enlistment offices. At the same time, certain wording in the technical specifications suggests that the restrictions could be automated.

Currently, the automatic ban on leaving the country has not yet been implemented — the enlistment offices and the FSB have not yet established the necessary data exchange. According to the Get Lost information, people can still cross the border even with a conscription notice and a ban on leaving the country in the registry.

The Ministry of Defense managed to introduce the registry in the enlistment offices before the 2025 autumn draft campaign started. Residents of more than 60 regions of Russia received digital conscription notices, according to the messages the Get Lost charity has been getting. According to the human rights advocates, basically all Russian regions have had a chance to try sending out the conscription notices through the registry.

“Right now, the registry is almost ready (meaning the current functionality of the registry, not the automatic restrictions implementation — Ed.)”, one of the hackers says. “Most developers are still submitting the work they are required to do under some initial contracts, but it's not the critical work anymore. So if they are required to perform a major draft campaign using the register tomorrow, the only thing that will stop them is the scale of the campaign, because such scales haven't been tested yet. But the main part of the functionality, importing and exporting data, is ready”.

“I don’t want to be working on the registry, please”. Who are the people developing the registry?

“The atmosphere was tense”, a source familiar with the development of the registry told IStories. “The project was implemented on a very tight schedule, in a rush”.

Before the invasion of Ukraine, Rostelecom’s subsidiary RT Labs, which worked on the registry in the first stage, was a client of Luxoft, an international IT company. In 2022, Luxoft left Russia. Some of the employees emigrated, while the rest switched to working for Luxoft’s clients. “So several hundred highly professional people, who know how to build large, complex services, ended up working for Rostelecom”, the source said. According to him, about half of the original team quit because they did not want to work on such a project. 

“Imagine: there was a good company with some very professional people, about a hundred of them. Then they were given this project. When they understood the nature of the project, about 50 people quit. There was a large drain of people, precisely for moral reasons. Some were persuaded to stay by providing good mortgages, and others were talked to and given a raise. [Many] were ashamed, and they still are”, he says. 

The Mikord leak reveals that some employees did not want to participate in the project. 

“Ramil, I don’t want to be working on the registry, please, don’t put me there... [...] You’re joking, right?” one tester asked the company CEO. Right before the attack, several people quit. One of them, as colleagues later discussed, “left beautifully” — he told the deputy director, Natalia Soboleva, that he “didn't like her as a person”. His colleagues decided that “he could be understood”.

The leaked correspondence suggests that people would quit regularly. In January 2025, employees were asked to share the phrases they associated with the company brand. One of them replied: “According to the chat, the most common phrase is ‘it was my last day at Mikord today’”.

When a colleague asked Ruslan Gaztdinov, an analyst, about the nature of the registry project, he briefly replied: “Filth”. The leaked materials show that Gaztdinov had served in the army in 2020 and has hated everything related to it ever since. In one of his messages, he described his army experience as “fucking hell” and “prison”. “I will spend the rest of my life telling people no one needs this shit”, he wrote. Gaztdinov did not respond to questions from IStories, hanging up the phone.

Mikord is one of the IT companies “accredited” by the government, which allows its employees to claim exemption from mobilization and military service. They are not ready to go to war themselves. For example, in the spring of 2023, one of Mikord's testers, Lenar Aituganov, was in Thailand and asked his colleague if conscription notices were being handed out back home; otherwise, he would have stayed in Asia. 

Mikord employees are not allowed to discuss war and politics in work chat rooms. When drones attacked the region where one of the developers lived, the company's deputy director, Natalia Soboleva, interrupted the discussion of the incident and told everyone to communicate via private messages.

About 60 people work at Mikord. The registry is being developed by a young team: their average age is 33. Most of the developers, testers, and analysts graduated from technical universities in the Russian regions of Tatarstan and neighboring Bashkortostan. The company actively hires inexperienced people at minimum wages: developers interviewed by IStories say that for many, Mikord was their first job in the IT sector, immediately after graduation.

Many Mikord employees earn less than the average salary in the IT industry in Kazan, Tatarstan. For example, testers were offered monthly salaries ranging from 30,000 to 60,000 rubles ($400-800 approx.),and developers and systems analysts would get 40,000 to 80,000 rubles ($500-1000 approx.). They were promised “interesting tasks”, as well as “tea, goodies, grain coffee, a break room and a game room”, 200 rubles ($2.5) a day for lunch, and corporate activities — for example, the padel game. 

The head of the department at Mikord is offered 250,000 rubles ($3000 approx.) per month. According to other leaks, Mikord's deputy director, Natalia Soboleva, who is the immediate supervisor of everyone involved in the military registry project, earned about 350,000 rubles a month ($4500 approx.) in 2025, while the company's CEO, Ramil Gabdrakhmanov, earned an average of 1.5 million rubles ($19000 approx.) a month. His wife, Albina, receives about half a million rubles ($6400 approx.) a month. She was a co-owner of Mikord from 2017 to 2023 and is still listed as an employee of the company, but there is no trace of her work activity in the documents we received. 

After the mobilization was announced in 2022, Gabdrakhmanov almost immediately left for Kazakhstan and spent about a month there, according to leaked information. Albina, meanwhile, was preparing a backup plan for her family: in December 2022, she obtained Kyrgyz citizenship. At the same time, several hundred other Russians, including many of those called elites, did the same. Anti-corruption expert Ilya Shumanov noted that these passports were most likely obtained through corruption, with a service fee ranging from $5,000 to $30,000. 

One of the development managers on the Mikord side is a 33-year-old Alina Safiullina. Formally, she does not work for the company, but she has received a total of about two million rubles ($25500 approx.) from it under the contracts for the registry architecture development services. Before Mikord joined the registry project, Alina had worked at the Analytical Center under the Russian government, which was also involved in the registry development.

In the summer of 2025, Safiullina's husband, Timur, told a Tatarstan newspaper that the spouses would often travel all over Europe and that they had lived in Vienna for three years. From the interview and Timur's resume, it appears that Alina Safiullina was actively working on the military registry while living a vibrant life in Europe. Although the Safiullins returned to Russia in 2025, Vienna remains their favorite city. 

“[Vienna] is probably my favorite city”, Timur Safiullin said in the interview. “Everything here meets my inner needs, and I dare say the same for my significant other. I am impressed by the lifestyle of the people here. Vienna is a safe and peaceful place to live. It has a well-developed public transportation system and a very comfortable urban environment”. 

***** 

A few days after the hack, Mikord updated its website. The company's values appeared on the home page, including “a special approach to security issues”. The company wrote that it “exclusively uses Russian software solutions” and is “trusted by law enforcement agencies and state-owned companies”. 

Soon, the mention of this commitment disappeared from the website.

When asked about the reasons for the hack, Mikord CEO Ramil Gabdrakhmanov responded philosophically: “Listen, it happens to everyone. Many are being attacked right now”. For several days after compromising the company’s infrastructure, the hackers remained in the system and were able to read the internal correspondence.

Throughout the day on Saturday, December 6, Mikord’s management collected logs from employees’ computers to investigate the incident. Ruslan Gaztdinov hadn’t even read these messages until his colleague Timur Absatrov wrote that the FSB was brought in because of the hack.

Absatrov was worried that the client wouldn't continue working with Mikord: “I think they might not renew the contract”. “It’s fine”, Gaztdinov replied. They agreed to spend Sunday playing Dota together against the “soldiers” from the Ministry of Defense team, as Mikord employees referred to them in their correspondence. 

Get Lost has made the array it received from the hackers publicly available. The first part of the documents and source code can be viewed at the link.