The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday.
BaFin is Germany’s financial regulatory authority, part of the Federal Ministry of Finance, responsible for supervising 2,700 banks, 800 financial, and 700 insurance service providers.
The regulator is known for its law enforcement role in Germany and internationally. In recent years, it imposed $10M and $5M fines on the Deutsche Bank and the Bank of America, respectively, for various violations.
The German agency informed today that it has taken all the appropriate security precautions and defensive measures to shield its operations from the hackers.
Part of the response measures is to take BaFin’s public website at “bafin.de” offline; however, the organization assures that all other systems, which are crucial for its mission, work without restrictions.
Although some users might be able to access BaFin’s website intermittently, it is mostly unavailable.
BaFin’s public website hosts consumer and regulation information, measures, warnings, and also serves as a space to publish important documents relating to the agency’s investigation activities and findings.
Also, the site hosts a database of registered companies and public tenders, a job vacancies space, and a platform for whistleblowers to report violations anonymously. All that has remained inaccessible since Friday.
BaFin says its IT team works intensively to fully restore public access to the website but it cannot estimate when its pages .
It is unclear who is behind the DDoS on the German financial authority but it is possible that pro-Russian hacktivists are responsible for the country’s supportive stance towards Ukraine, which includes financial and military equipment aids.