

Rewterz Threat Alert – APT-C-35 aka Donot Team – Active IOCs
December 8, 2022
Rewterz Threat Alert – NJRAT – Active IOCs
December 8, 2022
Severity
High
Analysis Summary
The second-largest financial institution in Russia, VTB Bank, claims to be dealing with the worst cyberattack in its history after a distributed denial-of-service (DDoS) attack forced the closure of both its website and mobile apps.
“It is not only the largest cyberattack recorded this year but in the entire history of the bank,” reads the statement.
‘IT Army of Ukraine,’ a pro-Ukraine hacktivist organization, has claimed responsibility for the DDoS strikes against VTB by announcing the campaign on Telegram in November.
The bank claims that internal analysis shows that the DDoS attack was planned and orchestrated with the specific aim of disturbing the bank’s customers by interfering with their banking services.
‘The bank’s technological infrastructure is under an unprecedented cyber attack from abroad’, reads a statement issued by the Russian bank.
Customers of the bank are experiencing issues since they cannot use the bank’s website or mobile application. The bank further stated that the cyberattack did not affect or compromise any consumer data.
The bank says that, despite the majority of malicious traffic coming from outside the country, Russian IP addresses were also used in the attacks. VTB has notified Russian law enforcement agencies about these IP addresses so that they can take them over and conduct a criminal investigation.
This financial institution is 61% state-owned, with shares held by the Ministries of Finance and Economic Development, so these attacks have a political undertone, acting as an indirect blow to the Russian government.
Cyber attacks against the infrastructure of government and commercial Russian enterprises increased following the start of Russia’s invasion of Ukraine.
Notable service interruptions caused by the ‘IT Army of Ukraine’ include an outage in the portal used by vodka producers and distributors, as well as the downing of the website of Rostec (a Russian aerospace and defense firm).
In recent weeks, pro-Ukraine hacktivists have targeted several Russian banks, including the Central Bank of Russia and Alfa Bank.
Impact
- Services Disruption
- Unavailability of Websites & Mobile Apps