Russia’s second-largest bank experienced the largest cyber attack (DDoS attack) in its history. The government-controlled St Petersburg-based VTB financial institution announced on Tuesday that it was experiencing an “unprecedented cyber attack from abroad.”
The bank warned customers of temporary difficulties in accessing its mobile app and website due to the ongoing DDoS attack (distributed denial of service attack) but assured them that their data remained safe. VTB stores its customer data in the internal perimeter of its infrastructure which the attackers did not breach.
According to the bank’s internal analysis and as reported by local Russian media, this DDoS attack was pre-planned and orchestrated to cause hindrance in the bank’s functionalities and to inconvenience its customers. Despite the bank’s online portals being inaccessible, all other core banking services are operating as usual.
VTB stated that they identified most of the malicious DDoS requests from “foreign segments of the internet,” but some network-flooding traffic also originated from Russian IP addresses which the bank noted was “of particular concern.”
Either foreign actors used local proxies for some of the attacks or they managed to recruit local dissidents in their DDoS campaign. The bank stated that it will hand over all the information regarding the Russian IP addresses to law enforcement for criminal investigation.
What makes this DDoS attack particularly interesting in light of the recent political events is that VTB is 61% state-owned, implying that the attackers made an indirect blow at the Russian government.
On Dec 6, 2022, in a tweet, the pro-Ukraine hacktivist group, going by the name ‘IT Army of Ukraine,’ claimed responsibility for the DDoS attacks against VTB, announcing the campaign on Telegram and Twitter.
According to the IT Army of Ukraine, over 900 Russian entities, including stores selling military equipment and drones, the Central Bank of Russia, the National Center for the Development of Artificial Intelligence, and Alfa Bank, have been targeted by the group since they started being more active in November.
It is worth noting that the IT Army of Ukraine along with the hacktivist group Anonymous also took responsibility for September 2022’s social engineering attack in which the Russian Yandex taxi app was hacked to cause a massive traffic jam in Moscow.
On the other hand, Microsoft warns Europe to be on alert for cyber attacks from Russia because this attack follows a series of cyber campaigns launched against Russian organizations.
Last week, reports of data-wiping trojan deployed against Russian mayors’ and courts’ computers surfaced. The media reported that the wiper poses as ransomware and demands half a million rubles and deletes files regardless of whether the organization pays the amount or not.
With the latest round of wiper and DDoS attacks, GM of Microsoft’s Digital Threat Analysis Centre Clint Watts warns Europe that Russia is likely to expand its “hybrid-war” efforts beyond Ukraine. He further stated that the Kremlin might use such state-sponsored attacks to disrupt foreign supply chains.
European nations and the US should also brace for more Kremlin-backed influence operations – preying on citizens’ concerns about rising energy prices and inflation, and pushing pro-Russian narratives, Watts wrote.
- Anonymous Hacktivists Leak 1TB of Top Russian Law Firm Data
- Ukraine Busts Pro-Russia Hackers Who Stole 30M EU Citizens’ data
- OldGremlin Gang Known for Targeting Russia Launches Linux Malware
- Russian Ministry Website Hacked to Display “Glory To Ukraine” Message
- Ukraine Thwart Russian Industroyer 2 Malware Attack on Energy Provider