Russia’s second-largest financial institution, VTB Bank, said it was facing the worst cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS (distributed denial of service) attack.
“At present, VTB’s technology infrastructure is under unprecedented cyberattack from abroad,” a VTB spokesperson told CASS (translated).
“This is not just the biggest cyberattack recorded this year, but in the entire history of the bank.”
The bank says its internal analysis indicates that the DDoS attack was planned and orchestrated for the specific purpose of causing inconvenience to its customers by disrupting its banking services.
At present, VTB’s online portals are offline, but the institution says all basic banking services are functioning normally.
Additionally, VTB claims that customer data is protected because it is stored within the internal perimeter of its infrastructure, which the attackers did not breach.
The bank claims to have identified that most malicious DDoS requests come from outside the country. However, several Russian IP addresses are also involved in the attack.
This means that foreign actors are using local proxies for attacks or have successfully recruited local dissidents into their DDoS campaign.
Information about these IP addresses was passed to Russian law enforcement authorities for criminal investigation.
VTB is 61% state-owned, with the Ministry of Finance and the Ministry of Economic Development having a stake in the group, so these attacks have a political tinge, being an indirect blow to the Russian government.
The “IT Army of Ukraine” claims the attack
The pro-Ukrainian hacktivist group, “IT Army of Ukraine”, claimed responsibility for the DDoS attacks against VTB, announcing the campaign on Telegram in late November.
This group of hacktivists was formed with the official blessing of the Ukrainian government in February 2022, trying to strengthen the country’s cyber front.
Notable service disruptions caused by the “Ukrainian IT Army” include an outage of the portal used by vodka producers and distributors and the fall of locations belonging to Rostec, one of Russia’s leading aerospace and defense conglomerates.
Pro-Ukrainian hacktivists were very active in November, targeting more than 900 Russian entities, including stores selling military equipment and drones, the Central Bank of Russia, the National Center for the Development of Artificial Intelligence and Alfa Bank.
The first signs of disruption on VTB appeared on December 1, 2022, when hacktivists posted complaints about VTB customers on social media, which the bank tried to downplay.
With the disruption to the bank’s services now more evident, with websites and mobile apps no longer available, VTB had to publicly admit that it was fighting a DDoS attack.