Teams of the world's strongest white hat hackers and defenders will come together at the year's main cyberbattle.

cyber_battle

International Standoff 17 Cyberbattle

BSOD Squad

Behind the glass facades of the City, uninterrupted digital life seethes. Every second, terabits of traffic fly through the backbone fibre-optic channels. In the humming halls of data centres, server indicators wink at each other, while cloud platforms non-stop route payments, video calls, and the data of thousands of companies.

The IT sector is the fundamental framework of State F, upon which banks, telecoms, logistics, and city services are tied. As long as everything works, residents take it for granted. But knock out a couple of digital pillars, and the rhythm of the metropolis collapses minute by minute.

The heart of this ecosystem is the Staforix corporation. This technological giant has subjugated the clouds, the telecom infrastructure, educational platforms, and corporate software. On its capacities runs the better half of the State F economy.

For attackers, Staforix’s infrastructure presents a colossal and tempting attack surface. In the crosshairs are virtualisation systems and reverse proxies, internal CI/CD pipelines, and the file storage of head offices. And alongside them — hardcore industrial targets: cooling and power management systems for data centres, billing systems for exhibition centres, and the workstations of dispatchers at critical facilities.

It is here that cybersecurity breaches directly affect the physical world. Take down the air-conditioning system in a data centre — the servers overheat and the clouds fall in cascades. Hack the UPS — the infrastructure goes dark with irreversible loss of customer data. And a successful attack on the supply chain of a development company means that a fresh update will spread malicious code across dozens of corporations.

But failures hit hardest at ordinary people whose lives are tied to Staforix. A hacked educational portal wipes out exam results. Cyber sabotage disrupts the opening of a prestigious exhibition. An activated automatic irrigation system floods the pitch in the middle of a stadium match. An intercepted control system accelerates the gondolas of a cableway over the city to critical speed. Businesses lose contracts, investors lose money, and residents learn State F’s harsh lesson: any digital system is only as reliable as its ability to withstand a real strike.

IT sector

## Industry Description

This is a special industry within the Standoff cyber battle, aimed at assessing the security of a digital twin of the «Vkusno — i Tochka» fast food chain infrastructure.

Within this industry, participants are given access to a specially prepared digital twin that replicates the key components of the enterprise infrastructure, including self-service kiosks, server components, and related technology services. The goal is to execute scenarios capable of leading to unacceptable events that impact the business processes of order placement and processing.

The industry operates under a special format:

- testing is conducted on a digital twin of the industry infrastructure;
- no points are awarded for reports;
- rewards are paid only for the first confirmed realization of each unacceptable event;
- repeated realization of the same unacceptable event is not eligible for additional reward;
- final review and confirmation of reports may take up to 1 month after the event concludes, as some scenarios require additional log verification, reproducibility checks, and business impact assessment.

## Industry Scope

dmz/uplink 10.119.24.0/27 
srv1 10.149.56.0/27 
srv2  10.149.56.64/26 

## Payouts

Payment is made for the first confirmed realization of each unacceptable event.

If several teams or researchers have realized the same unacceptable event, the participant whose report was first accepted for review and confirmed receives the right to the reward.

Repeated realization of an already confirmed unacceptable event does not guarantee payment.

The final decision on the confirmation of an unacceptable event and the payout amount is made based on the triage and validation of the report.

After the triage procedures are completed and the fact of the unacceptable event realization is confirmed, the winner receives a link to the Standoff Bug Bounty platform for processing and receiving the reward. Payment is made through the Standoff Bug Bounty platform in accordance with the platform's rules.

## Confirmation of Realization

To confirm the realization of an unacceptable event, the participant must provide sufficient evidence of the scenario's reproducibility, including a description of actions, screenshots, video recordings, network data, or other materials that allow the fact of achieving the unacceptable event to be verified.

The verification of the correct realization of unacceptable events is carried out by representatives of the customer and the event organizers.

In the event of disputes or the need for additional verification, the organizers have the right to request additional materials or independently reproduce the scenario on the testbed infrastructure.

Digital copy

Grep_Tribe

The rhythm of the City never falls silent for a second. Whether it’s early morning or deep into the night, couriers dart through the streets, self-checkout counters hum in 24-hour markets, and pickup-point doors swing open for yet another customer. The retail market in State F is controlled by RetailSTF Group. It has built its trading empire so that a purchase feels entirely natural: no one stops to think about the computing power behind the delivery of an evening pizza or a new pair of sneakers.

Behind the invisible convenience lies a vast digital infrastructure: a network of online stores and pickup points, fast-food restaurants, and large-scale warehouse complexes with automated security and video surveillance. The company’s unique asset is the YeastCraft platform: it grew out of the craft-beer segment and turned into a marketplace for live cultures, where microbiologists sell strains directly to breweries, and the breweries then select a genetic composition tailored to a specific request.

All the systems work as a single circuit: ordering, payment, delivery and handover are compressed into minutes. But where business sees flawless connectivity, hackers see an ideal attack surface.

Tamper with the video feed — and the security system goes blind while uninvited guests move through the warehouse. Find a vulnerability in the self-checkout logic — and bonus points flow in an endless stream into somebody else’s pockets. Release a fake barcode — and “18+” goods end up in hands without a single age check. And if they get to YeastCraft and alter the order data, diastatic yeast will be shipped to the plant instead of the required strains, turning an entire product batch into a defect.

For State F these are not abstract threats. The company’s infrastructure is stitched too deeply into daily life, and if it collapses, everyone will feel the consequences — from the lover of an evening pizza to the owner of a large-scale production facility.

Retail

IZOLENTA

D0br03 utr0

Threat Nuggets

We are used to electricity just being there. While lights are on at home, the metro carries passengers, and factories melt metal, no one thinks about the work of power engineers.

From the outside, the industry looks like a monolithic physical machine of pipes and wires. But in reality, the energy sector of State F is a giant IT infrastructure. Dispatch centers, substations, monitoring, commercial metering, and billing systems have long merged into a single network where servers and algorithms manage megawatts.

Key industry players:

GenPower F — the heart of generation. The company produces megawatts for the entire State F. It operates thermal and hydroelectric power plants, wind farms, and industrial energy storage systems. GenPower F balances output every second based on demand and even weather forecasts to keep the country's critical infrastructure running without failure.

GridF — the grid company. It manages backbone and distribution networks, substations, and coordinates field crews. Inside GridF operates a complex digital mechanism: dispatching systems, ICS, smart meters, and proprietary telecom networks. Terabytes of telemetry flow through the company's infrastructure along with electricity.

SO‑F — the system operator. It maintains the balance of power and frequency in the Unified Energy System of State F, coordinates the work of generation and grid infrastructure, approves repairs, and manages emergency modes.

ClearingF — the financial hub of the wholesale market. Deals are registered here, green energy certificates are processed, and all interbank settlements of the energy sector take place. ClearingF is also a powerful IT company: it develops load forecasting platforms and has centralized access to parts of other market participants' IT infrastructure.

EnergySupply F — the guaranteed electricity supplier and the public face of the industry. Through the company's services, people pay bills and submit meter readings. EnergySupply F continuously analyzes consumption profiles, calculates tariffs, interacts with the regulator, and processes commercial metering data coming from GridF networks.

ERA F — the Energy Commission of State F. It regulates the electricity market: sets tariffs, issues licenses to market participants, and monitors compliance with mandatory standards. The organization analyzes key energy system indicators, records imbalances, and in crisis situations coordinates market participants' actions through a 24/7 alert system and duty service.

For a long time, the residents of State F took energy for granted. People got used to paying bills with a couple of taps on their smartphones, and factories entrusted energy consumption control to automation. But it is this digitalization that has turned the industry into an ideal target for hacker attacks.

Attackers are targeting dispatching control systems, SCADA and MES platforms, certification systems, customer portals, commercial metering and monitoring systems, and centralized server administration tools.

Today, a single compromised account or an unpatched vulnerability in an industrial gateway is sometimes enough for the entire country to feel the consequences of an attack. Tampering with consumption data instantly generates billions in losses and paralyzes financial flows. Hacking ICS and stopping a turbine at a thermal power plant leaves districts without electricity and heat. A substation failure halts factories, paralyzes transport, and disables water supply systems.

Acronyms like "SCADA" and "ICS" have long migrated from technical manuals to evening news headlines. Large business owners start their mornings with power system status reports, knowing that any digital failure in the energy sector will instantly trigger a chain reaction affecting retail, telecom, and industry.

Energy

ReKad Team

The railway of State F is rarely noticed — as long as it works. The endless freight trains hauling coal and metal, the packed morning commuter trains, and the express trains hurtling through the night are all governed by a single schedule. Logistics here is calibrated to the minute, and every switch, signal, and dispatcher’s console is tied into a unified digital system on which the life of the entire State F depends.

The industry monopolist is the Train Logistics corporation. It manages stations, marshalling yards, depots, as well as its own training centres and departmental polyclinics. For attackers, a multitude of vectors opens up here: targets include both conventional corporate networks and the closed industrial loop.

Tampering with the timetable on station displays will create chaos on the platforms. Interference with dispatching centres can alter routes and provoke a large-scale accident. But the most interesting things lie on the periphery. For example, hackers can reach the databases of departmental polyclinics to pull a healthy crew off the line or, conversely, send a driver with an expired medical clearance out on a run. It is possible to go even more subtle: infiltrate the training LMS systems and quietly substitute the regulations. Trainees will cram distorted safety rules without ever suspecting it and, with their own hands, will prepare a future catastrophe.

The peculiarity of the railway is that the consequences of an attack always extend beyond a single company. The delay of one train triggers a chain reaction: passengers run late, deliveries are disrupted, factories stand idle, and motorways choke from overload.

Residents of the City have grown accustomed to thinking of trains as the most reliable part of State F’s infrastructure. That is precisely why every failure here is felt especially acutely. When a dispatcher sees an order on the screen that they never gave, the whole country understands: a successful cyberattack here is not just a defaced website. It is interference in the physical movement of thousands of tonnes of metal hurtling through the night at 120 kilometres per hour.

Railway sector

Жаным }|{aHblm

The heavy industry of State F rests on a single steel backbone — the Steelhill corporation. It is an enormous production ecosystem that unites a coal-mining and ore-dressing combine with the metallurgical giant MetalliKO.

In the north, Steelhill bites into the largest coal basin. What is extracted here is not merely raw material, but literally energy for the entire region: the local coal supplies both metallurgical furnaces and regional thermal power plants. Underground mines, haulage drifts, and beneficiation plants work as a single mechanism. Right at the combine, the company’s own coke-chemical plant smokes — the pride of the company, enabling it to abandon external coke suppliers. It is precisely from here that an uninterrupted flow of fuel for the steelmaking cycle comes. Let the mine hoists freeze — and the whole region will start to run a fever.

Further south sprawls MetalliKO — the flagship combine of State F. It is divided into two autonomous worlds. The first is classical metallurgy: the roar of blast furnaces, converters, and rolling mills. The second is a titanium shop, with its own raw materials and unique process technologies. Both steel and titanium sponge flow out from here across the entire country: from large-scale railway construction projects to the luxury skyscrapers of the City.

All production activity rests on a developed digital infrastructure. Corporate IT systems here are tightly interwoven with industrial ICS networks. Environmental monitoring sensors, safety controls in the mines, and hundreds of PLCs that directly command the rolling mills and furnaces — all of this is the unified digital framework of Steelhill.

For hackers, an immense field of attack opens up here: from the operator consoles at the coal beneficiation plant to the corporate IT servers. And the most dangerous thing is that attackers do not need to break everything in succession. It is enough to strike a single vulnerable point to set off a chain reaction.

For instance, stopping the water supply pump in the quenching tower of the coke-chemical plant — at first glance, a local failure. But without cooling, the incandescent coke not only loses its commercial properties — it begins to burn.

A fire on the coke-sorting platform forces a halt to the unloading of the coke-oven batteries; the product builds up, and the entire coke-chemical section comes to a standstill. Without coke, MetalliKO reduces steel output, and within a few days construction contractors in the City face a shortage of rolled metal and a rise in prices for infrastructure projects.

The stoppage of the main ventilation fan looks no more frightening, but in practice it means an emergency evacuation of the mine and a complete halt of extraction. If the downtime drags on, fuel stops reaching the regional thermal power plants — and power engineers are forced to switch the stations to reserve stocks or restrict the supply of capacity to industrial consumers.

Mining and metallurgy

SeeLion

Banks in State F long ago ceased to be simply a place where money is kept. Here, people pay for purchases by QR code, arrange loans in a matter of minutes, open accounts without visiting an office, and transfer digital rubles between organisations.

The financial landscape is shaped by three major players. Global Digital Bank develops digital services and serves clients entirely online. First Partner Bank bets on a partnership ecosystem, QR payments, and the digital ruble platform. And Commercial Bank of Standoff is responsible for the corporate segment, interbank settlements, and business lending.

Attackers have access both to the banks’ external services and to their internal infrastructure: web portals, Kubernetes clusters, interbank transfer systems, customer databases, operators’ workstations, and digital ruble interfaces. The compromise of a single vulnerable system here rarely remains a local problem. The takeover of a container can lead to an attack on the entire cluster; hacking an internal portal can halt the connection of partners to the instant payment system; and data tampering on the digital ruble platform can cause panic among businesses and regulators.

The consequences of successful attacks quickly extend beyond a single company. Leaks of passport data trigger a wave of fraud and lawsuits. Disruption of interbank transfers hits supplies, salaries, and settlements between enterprises. The compromise of digital ruble systems endangers trust in the state’s new financial infrastructure.

When financial services work invisibly, hardly anyone thinks about them. But the moment the ability to pay for a purchase, receive a salary, or transfer money to a supplier disappears, digital comfort instantly turns to chaos.

Banking

Commercial Bank of Standoff

First Partner Bank 

Global Digital Bank

akPots

When communication disappears in State F, people first check their phone. Then they reboot it. And only when they go to the window in search of the coveted signal bars do they realise: the problem is not on their end.

Veleron Telecom is the country’s largest operator. In normal operation, its infrastructure is absolutely invisible. Base stations on rooftops, humming billing server rooms, traffic filtering systems, satellite dishes outside the city — all of this is woven into a colossal IT artery. Through it flows half the state’s economy: from mobile internet and home TV to corporate clouds.

Under Veleron’s hood is an immensely complex technical landscape: rating modules, mobile core management systems, eSIM generation platforms, and IPTV broadcasting balancers. For the operator’s engineers, it is heavy daily routine to support the hardware and software. And for malefactors — a luxurious attack surface with thousands of potential entry points.

There are no isolated failures here. An error or a successful breach inside this network instantly strikes across the whole of State F.

The billing system goes down — and millions of subscribers are left without communication, while payment terminals in shops stop working. IPTV servers are compromised — meaning that right in the middle of prime time, fake emergency alerts can be broadcast onto screens. An attack on a cloud cluster drags CRM systems, shops, and delivery services down with it. And if hackers manage to reach the call detail logs, they obtain a ready-made map of social connections, before which any classical wiretapping pales.

Communication long ago ceased to be just a sector. It is now the load-bearing structure of the entire State.

That is precisely why any major incident in Veleron Telecom instantly mutates from a technical fault into a political, economic, or social crisis.

International Standoff 17 Cyberbattle

Banking

Attacker metrics

Defender metrics

Results