Press center
Receive accreditation or become our media partner to promote cyberawareness
Millions for bugs: total rewards for ethical hackers on Standoff Bug Bounty exceed 240 million rubles
To celebrate the platform's third anniversary, 17 organizations were awarded for their contributions to the advancement of the Russian bug bounty market During the international cyberfestival Positive Hack Days, the Standoff Bug Bounty platform summarized its progress over the past three years. Since its launch, Standoff Bug Bounty has attracted nearly 25,000 cybersecurity researchers from 60 countries worldwide. The total amount of rewards during this period was 242 million Russian rubles. Over 100 bug bounty programs have been published on the platform, each contributing to the enhancement of business and government security. An award ceremony for the best bug bounty program owners took place during the plenary session of PHDays Fest on Saturday, May 24. From May 2022 to May 2025, more than 25,000 bug hunters from 60 countries in Asia, the CIS, the Middle East, as well as Europe, Africa, and Latin America registered for Standoff Bug Bounty. Over the past year and a half, the number of ethical hackers on the platform has more than tripled, and the total number of vulnerability reports submitted has increased more than fivefold to 10,900. Other metrics are also growing rapidly: since November 2023, the number of unique vulnerability reports accepted by customers has more than tripled (4,772), as has the number of critical vulnerabilities found (520). According to these metrics, Standoff Bug Bounty is the leader among similar Russian platforms. The maximum reward amount offered on Standoff Bug Bounty is nearly 4 million rubles, which is an increase by 39% compared to 2023. This is the largest reward among Russian bug bounty platforms. The average payout for an accepted vulnerability reached 58,000 rubles. Over 100 bug bounty programs have been launched on Standoff Bug Bounty, and some of them aim to research scenarios of non-tolerable events. The platform has a wide range of customers: from small and medium-sized businesses to the largest Russian marketplaces, media holdings, government institutions, and regional governments. The largest number of vulnerability reports was received by IT companies in 2023 and by the retail sector in 2024.
15 countries will clash at Standoff 15, a white hat hacker showdown with a $50,000 prize pool
The Standoff 15 international cyberbattle will take place at the Luzhniki sports complex during the Positive Hack Days cyberfestival on May 21–24. Over 40 teams of attackers and defenders from 15 countries across Europe, the CIS, Southeast Asia, and the Middle East will clash in a major cybersecurity showdown. The top red teams in this cyberbattle will split a $50,000 prize pool. Blue teams will investigate live hacker attacks and defend industries, putting their skills to the test in the real world. Russia's Ministry of Digital Development is backing the Positive Hack Days cybersecurity festival. The City of Moscow is our strategic partner. This year's festival is powered by the Social Development Complex, the Department of Information Technology, and the Department of Entrepreneurship and Innovative Development. Cyberbattle participants will attack and defend the infrastructure of a virtual state. It covers seven key industries: metals, energy, oil and gas, banking, urban environment, aviation, and logistics. Each segment will have its own physical mockups and a revamped visualization system, so visitors can witness firsthand the fallout of successful attacks: streetlights going dark, flight delays, fuel shortages from a refinery meltdown, banking app crashes, even a steam turbine grinding to a halt at a power plant. This year, we'll see locally customized Linux domains powering oil and energy infrastructure, while the banking sector will adopt domestic payment processing solutions, a versatile mobile authentication, and e-signature platform. Our digital government infrastructure includes over 600 software programs, hardware components, and devices. New techniques and monitoring of attacks During May's cyberbattle, white hat hacker teams can try out new attack techniques. For example, bypassing two-factor authentication (TOTP/2FA), sneaking past Content Security Policy (CSP), exploiting buffer overflows in user services, tricking DNS caching (DNS Cache Deception), and remotely running code through Python Pickle Deserialization. In total, the attackers will get the chance to trigger more than 120 critical events. Points will be awarded based on the complexity and success of the attacks. Blue teams (cybersecurity pros) will defend industries in investigation or response mode. In the first case, their mission is to log as many incidents as possible and investigate the attacks. In response mode, the teams will be able to prevent and counter attacks to protect their sectors. A global community of participants Teams from 15 countries, including France, Italy, Germany, Poland, Serbia, Russia, Kazakhstan, Uzbekistan, Armenia, Indonesia, Thailand, Vietnam, Tunisia, Oman, and the UAE, will clash at Standoff 15. Over 30 red teams (ethical hackers) will be on the offensive. Some of them joined us after rocking our April qualifier. Over 40 teams battled it out over five days for just five spots in the cyberbattle finals. Others snagged their invites thanks to their performance in previous Standoffs (13 and 14) and two seasons of the International Cybersecurity Games. Plus, 10 professional pentesting teams, including Southeast Asia's top talent, joined us through a special international program. There will be 13 blue teams participating in the event. Our judges, experts from both Standoff and ESC, will be keeping a close eye on the cyberbattle, making sure everyone plays fair and checking the reports from both the blue and red teams. The cyberbattle Standoff 15 is teaming up with top Russian tech companies. Digital Solutions, a leading Russian developer and manufacturer of network security hardware, provides the building blocks for a rock-solid IT and cybersecurity infrastructure for your entire digital kingdom. At the banking industry mockup, software solutions will be presented by eKassir, a developer of software for banks and financial institutions, and SafeTech, a developer of innovative solutions for securing remote banking systems and electronic document management. The NTI Center at MPEI, a developer of smart grid protection, automation, and digital twin solutions, will deploy its services on the energy sector model.