Ukrainian hackers disrupt major Russian banks in unprecedented cyber attack

The Ukrainian hacker group IT Army claims they conducted a large-scale cyber-attack on the Russian payment system Mir and the largest banks on June 20. According to experts, it was one of the most severe attacks on the financial sector in years, although customer losses were limited.

Russian banking system attacked
Images source: © Getty Images | Contributor
Robert Kędzierski

24 June 2024 07:46

On June 20, the Russian payment system Mir and the services of the largest banks, including VTB, Alfa Bank, Gazprombank, and Sberbank, were paralyzed for several hours by a hacker attack. The Ukrainian volunteer cyber group IT Army claimed responsibility for the action. The distributed denial-of-service (DDoS) attack was repelled after paralyzing the banking system for several hours.

IT Army stated on the Telegram messaging platform that it had kept the promise made the day before. The group called its attack "probably the largest DDoS attack in history." According to the Ukrainian hackers, the action completely cut off the Mir system and, in addition to the main institutions, affected many smaller banking services. It was another high-profile attack by IT Army: previously, the group disrupted the public transport payment system in Moscow and Kazan.

The most serious incident in years

Experts cited by the Kyiv Post confirm that the attack was the most serious since September 2021, when card payments and transfers were disrupted for three hours. At that time, the target of the attack was Orange Business Services, through which a significant volume of large bank transactions passed. Kommersant's sources claim that the previous attack was noticeably stronger, covering online payments and transactions in stores and ATMs.

Independent Russian-language media report that the day before hitting the Mir system, the same hacker group unsuccessfully attempted to attack several large Russian banks. A newspaper source speculates that the perpetrators may have been "training" on the banks before attacking a more critical target. Kommersant's sources say that the hackers used so-called carpet attacks, simultaneously hitting a given institution's resources, leading to infrastructure overload and network connectivity loss. This type of attack is harder to repel than a classic DDoS.

One of Kommersant's informants criticizes the response of NSPK (the National Payment Card System) to the attack as insufficiently efficient. In his opinion, when the payment gateway servers were hit, NSPK should have instantly activated backup servers, but it did not.

A source claims that the hackers were very well-versed in the Russian payment system and knew how to bypass the security measures. "Some monitoring systems of NSPK did not work; backup capacities were not connected. Put simply, it was chaos combined with a well-prepared attack," summarizes the newspaper's source.

Russian authorities: the incident caused no damage

NSPK stated in a communication that it is prepared for similar situations and has sufficient means to monitor and prevent attacks. It gave assurances that the incident had affected a few services and that its effects were short-lived.

Cybersecurity experts emphasize that although customers did not suffer serious losses, additional protection measures will be needed to avoid similar problems in the future. They evaluate the attack as successful mainly in terms of temporary destabilization rather than causing specific damage.
© Daily Wrap