Sberbank, one of Russia’s largest financial institutions, has been hit by waves of cyberattacks, including a massive distributed denial-of-service (DDoS) attack recorded as the largest in its history. In a statement, the bank’s director said that hackers had been attacking Sberbank in the past months.
As the largest financial institution in Russia, Sberbank is an attractive target for many threat actors. The bank was also one of the many Russian firms sanctioned after the country invaded Ukraine, which severely restricted its operations within Europe.
In addition, following Russia’s war with Ukraine, many cybercriminal groups sided with Ukraine, making Sberbank a prime target for attacks.
The giant Russian bank reported suffering its largest DDoS attack last May 6th, with 450GB per second of activity. DDoS attacks aim to disrupt a website’s normal traffic and, in the worst case, can result in massive financial losses.
According to research, the attack against the financial institution was backed by a botnet with compromised devices across the US, the UK, Taiwan, and Japan. Attack vectors used by the threat operators in the campaign included the installation of malicious Chrome extensions, code injection into advertising scripts, and the use of Docker images for the DDoS operations.
More than 100,000 individual attackers were detected attacking Sberbank in the past months, while 46 simultaneous DDoS attacks also targeted several of its online services. Reports revealed that these attacks leveraged the traffic of different online streaming websites, a tactic that Russian threat groups also used to attack Ukraine.
Malicious users who visit the bank’s domain carry specially crafted code that can generate a massive number of requests to the bank’s website, resulting in a service disruption.
Sberbank’s representative explained that the bank’s security teams have been actively monitoring the attacks against its websites. The representative added that the massive waves of cyberattacks might continue to grow amid the war between the two countries.