NewsUkrainian hackers paralyze Russian banks in a massive cyber-attack

Ukrainian hackers paralyze Russian banks in a massive cyber-attack

The Ukrainian hacker group IT Army claims they conducted a large-scale cyber-attack on the Russian payment system Mir and the largest banks on June 20. According to experts, it was one of the most severe attacks on the financial sector in years, although customer losses were limited.

Russian banking system attacked
Russian banking system attacked
Images source: © Getty Images | Contributor

7:11 AM EDT, June 24, 2024

On June 20, the Russian payment system Mir and the services of the largest banks, including VTB, Alfa Bank, Gazprombank, and Sberbank, were paralyzed for several hours due to a hacker attack. The Ukrainian volunteer cyber group IT Army claimed responsibility for the action. The attack, using the DDoS (distributed denial-of-service) method, was repelled after several hours of paralyzing the banking system.

IT Army stated on the messaging platform Telegram that they kept the promise given the day earlier. The group called their attack "probably the largest DDoS attack in history." According to the Ukrainian hackers, the action cut off the Mir system and affected many smaller banking services besides the main institutions. It was another high-profile attack by the IT Army; previously, the group disrupted the public transport payment system in Moscow and Kazan.

The most serious incident in years

Experts cited by the Kyiv Post confirm that the attack was the most serious since September 2021, when card payments and transfers were disrupted for three hours. At that time, the target of the attack was Orange Business Services, through which a significant volume of large bank transactions passed. Kommersant's sources claim that the previous attack was noticeably stronger, covering online payments and transactions in stores and ATMs.

Independent Russian-language media report that, the day before hitting the Mir system, the same hacker group unsuccessfully attempted to attack several large Russian banks. A newspaper source speculates that the perpetrators may have been "training" on the banks before attacking a more critical target. Kommersant’s interlocutors reveal that the hackers used so-called carpet attacks, simultaneously hitting all the resources of a given institution, leading to infrastructure overload and network connectivity loss. This type of attack is harder to repel than a classic DDoS.

One of Kommersant's informants critically assesses the NSPK's (National Payment Card System) response to the attack as insufficiently efficient. In his opinion, when the payment gateway servers were hit, NSPK should have instantly activated backup servers, but they did not.

A source claims that the hackers were very well-versed in the Russian payment system's workings and knew how to bypass the security measures. "Some monitoring systems of NSPK did not work. Backup capacities were not connected. It was chaos combined with a well-prepared attack," summarizes the newspaper's source.

Russian authorities: the incident caused no damage

NSPK stated in a communication that it is prepared for similar situations and has sufficient means to monitor and prevent attacks. They assured us that the incident had affected a few services and that its effects were short-lived.

Cybersecurity experts emphasize that although customers did not suffer severe losses, additional protection measures will be needed to avoid similar problems. They evaluate the attack as successful mainly in temporary destabilization rather than causing specific damage.

© essanews.com
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.