Russia’s second-largest bank has admitted it is battling the largest DDoS attack in its history, in what is likely to be another effort by pro-Ukrainian hacktivists.
Although the bank stressed that its systems were operating normally and that customer data was safe, reports suggest its app and website have been suffering temporary outages.
“The bank’s technological infrastructure is under an unprecedented cyber-attack from abroad,” VTB reportedly said in a statement. “The largest not only this year, but in the whole time the bank has operated.”
“An analysis of the DDoS attack indicates that it is planned and large-scale. Its purpose is to cause inconvenience to the bank’s customers by hindering the operation of banking services.”
DDoS attacks on Russian and Ukrainian organizations have been a feature of the war so far, as hacktivists on both sides try to make an impact.
According to one report, DDoS attacks originating from Ukraine increased 363% in March compared to the average before February this year.
Early on in the conflict, Ukraine took the unprecedented step of setting up a Telegram channel to guide and encourage an “IT army” of hacktivists to take aim at specific Russian targets. VTB was singled out as a potential target on this channel last month.
Among the victims to date have been the Moscow Stock Exchange, national carrier Aeroflot, various Kremlin websites and major lender Sberbank.
Also disrupted was a key online portal on which alcohol distributors in Russia rely to register their shipments.
However, Russia has also been responsible for several waves of attacks, both on Ukrainian targets and those outside the country, such as the European Parliament.
VTB’s statement hinted that some of the IP addresses used in the latest attack may have come from inside the country.
“Most of the requests to the bank’s services during the attack were generated from foreign segments of the internet, however, the presence of malicious traffic from Russian IP addresses is of particular concern,” it noted.
“We do not exclude that some of these Russian addresses could be among the participants in the attack as a result of cyber fraud. All identified Russian IP addresses will be handed over to law enforcement agencies for verification, since organizing and participating in a DDoS attack is a criminal offense.”