Ukrainian Military Agencies, Banks Hit by DDoS Attacks, Defacements
The Ministry of Defense and the Armed Forces of Ukraine and two of the country’s state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank (the State Savings Bank), are being hammered by Distributed Denial-of-Service (DDoS) attacks.
Today, Ukraine’s Cyberpolice also reported that bank customers received text messages claiming that bank ATMs were down, adding that they were “part of an information attack and do not correspond to reality.”
The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its “website was probably attacked by DDoS: an excessive number of requests per second was recorded.”
“Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine,” Ukraine’s State Service for Special Communication and Information Protection added.
“In particular, this caused interruptions in the work of web services of Privatbank and Oschadbank. The websites of the Ministry of Defense and the Armed Forces of Ukraine were also attacked.”
While the Ukrainian defense ministry site has been knocked out, Oschadbank’s website is still accessible although customers cannot log in to their online banking accounts.
Privatbank’s site was also defaced earlier today, with the attackers removing the website’s contents and adding a “BUSTED! PRIVATBANK WAF is watching you)” message.
The Ukrainian Center for Strategic Communications and Information Security said in a Facebook message that Privatbank users have been reporting problems with payments and with the bank’s mobile app.
Some added that they could not access their Privat24 internet banking accounts, while others have seen incorrect balances and recent transactions.
On Monday, the Security Service of Ukraine (SSU) said the country is being targeted in an ongoing “massive wave of hybrid warfare” that aims to trigger anxiety and undermine Ukrainians confidence in the state’s ability to defend them.
The SSU added that it has already counteracted multiple such attempts linked to hostile intelligence agencies and dismantled bot farms targeting Ukrainian citizens with bomb threats and fake news designed to spread panic.
The country’s Computer Emergency Response Team warned of attacks against Ukrainian authorities, coordinated by the Gamaredon hacking group (linked to Russia’s Federal Security Service (FSB) by the Ukrainian security and secret services).
The SSU added one day later that it blocked more than 120 cyberattacks targeting Ukrainian state institutions throughout January 2022.
Microsoft also said earlier this month that Gamaredon has been coordinating a wave of spear-phishing emails targeting Ukrainian entities and orgs related to Ukrainian affairs since October 2021.
Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.
Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.