Financial
Financial and insurance activities
356 cyberattacks and operations
In the Russia-Ukraine war, why do cyberattacks on the financial sector matter?
The financial services sector is vital for the functioning of society. A number of factors are contributing to the heightened risk of cyberattacks against the financial sector as a result of the conflict. Banks and financial institutions have been on high alert, fearing an increase in cyberattacks following the sanctions imposed on Russia by Western nations. The sanctions have resulted in a number of Russian and Belarusian organizations being banned from Swift, the global payments messaging system used by financial institutions, which is pivotal for the banking network, the transfer of money across borders and access to funds. This disconnects Russian and Belarusian companies from global operations, adds delays and costs, and cuts off revenues.
DDoS attacks against financial institutions in Ukraine have been reported during the invasion. There have also been a number of hack and leak attacks on banks from Russia, which have raised data protection concerns, as gigabytes (GB) of data are published online, often containing the personal information of individuals.
What types of attacks have been documented against the sector?
Which countries have seen attacks on the sector in the context of the war?
What impact do these attacks have on people?
Disruptive cyberattacks on banks can affect customers directly by cutting off access to services such as online payments, banking apps and ATMs. Limiting the civilian population's access to money during the invasion and in the ongoing conflict is particularly distressing for individuals who seek to retrieve their financial assets in order to buy provisions, make logistical arrangements and protect themselves and their communities from harm.
On the other hand, hack and leak attacks that lead to large volumes of data being published online can have repercussions for individuals whose personal information is exposed, putting them at risk of digital or physical attacks by actors seeking to exploit this information.
What are the primary digital impacts observed on the sector by country?
Can history shed light on the impact of attacks on this sector?
23 March 2022 - Central Bank of Russia, the Russian Federation
A threat actor claims to have breached the Central Bank of Russia and leaked 28GB worth of data, which it made available for public download. These roughly 35,000 files contain some of the regulator’s “secret agreements” and may contain hundreds of audit reports and information on bank owners.
Societal harm/impact:
- Theft of 35,000 files and leak of 28GB worth of data which is now available for public download.
- This information is likely to contain personal and sensitive information.
Which threat actors have been linked to attacks on the sector during the conflict?
| Name | Type | Origin | Number of attacks |
|---|---|---|---|
| NoName057(16) | Collective | | 185 |
| People's CyberArmy | Collective | | 22 |
| IT Army of Ukraine | Nation State | | 19 |
| Anonymous Russia | Collective | | 17 |
| KillNet | Collective | | 13 |
| Anonymous Italia | Collective | Unknown | 11 |
| Mirai | Collective | | 10 |
| Anonymous | Collective | Unknown | 8 |
| Netside Group | Collective | Unknown | 6 |
| Russian Hackers Community | Collective | Unknown | 5 |
| Kvazar DDoS | Collective | Unknown | 5 |
| Net Worker Alliance | Collective | Unknown | 5 |
| Zulik Group | Unknown | Unknown | 5 |
| Phoenix | Collective | | 4 |
| Anonymous Sudan | Collective | Unknown | 3 |
| National Hackers of Russia (HXP) | Collective | Unknown | 3 |
| Bloodnet | Collective | Unknown | 3 |
| Nation State - Russian Federation | Nation State | | 2 |
| NB65 | Collective | Unknown | 2 |
| Legion Cyber Spetsnaz | Collective | | 2 |
| Ukrainian Cyber Alliance | Unknown | Unknown | 2 |
| Sandworm | Nation State | | 1 |
| The Black Rabbit World | Collective | Unknown | 1 |
| Russian Clay | Collective | Unknown | 1 |
| ChaosSec | Collective | Unknown | 1 |
| UserSec | Collective | Unknown | 1 |
| Web Invaders | Unknown | Unknown | 1 |
| SpyeEye Botnet | Unknown | Unknown | 1 |
| UAC-0006 | Unknown | Unknown | 1 |
| NLB | Unknown | Unknown | 1 |
| Kiborg | Unknown | Unknown | 0 |
Explore the data
| Event Name | Event Country | Event Date | Event Type | Impact Category | Impact Description | Threat Actor Name |
|---|---|---|---|---|---|---|
| Campaign: DDoS attack against a credit insurance company | | 2023-12-31 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| Campaign: DDoS attack against the website of a money and pension service | | 2023-12-31 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| DDoS attack against the subdomain of a Ukrainian bank | | 2023-12-29 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| Campaign: DDoS attacks against the websites of two Finnish banks | | 2023-12-29 | DDoS | Disruption | Disrupted connectivity to websites. Websites unavailable to foreign IP addresses. | NoName057(16) |
| DDoS attack against the website of a Ukrainian state property fund | | 2023-12-28 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| Campaign: DDoS attack against the website of a money and pension service | | 2023-12-28 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| Campaign: DDoS attacks against a credit insurance company and a commodity exchange | | 2023-12-27 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |
| Campaign: DDoS attack against the website of a Dutch bank | | 2023-12-25 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| DDoS attack against the website of a Ukrainian bank | | 2023-12-24 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| Campaign: DDoS attack against the website of an Austrian holding company | | 2023-12-23 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |