In a recent incident of cyber aggression, the Russian hacktivist group NoName057 (16) launched a series of Distributed Denial of Service (DDoS) attacks against several Czech banks and the stock exchange. The attackers demanded that these financial institutions cease their support for Ukraine, adding a geopolitical dimension to the cyberattack. Despite the disruption caused by the attacks, experts have assured the public that the financial assets of bank clients remain secure.

The targeted banks, including Komercni banka, CSOB, Air Bank, and Fio banka, experienced varying levels of disruption to their online services as a result of the DDoS attack. The Czech Banking Association (CBA) reported that most of the banks were able to restore their services during the morning, with CSOB resuming online operations after 3pm on the same day. The National Cyber Security Office (NUKIB) confirmed that the attack impacted the availability of these financial institutions’ systems.

In addition to the banks, the hacktivist group also targeted the Prague Stock Exchange, rendering its website unavailable for an extended period. According to NUKIB spokesperson Eva Rajlichova, these DDoS attacks were designed to disrupt the availability of systems rather than compromise financial transactions or client data.

Experts emphasize that the attacks highlight a concerning trend where Russian hacking groups engage in cyber campaigns against countries and organizations they perceive as supporting Ukraine. Miloslav Lujka of Check Point noted that similar attacks recently occurred in Poland, affecting the Warsaw Stock Exchange and several banks.

The NoName057 (16) group, which operates through platforms like Telegram, aims to spread fear and disinformation through their attacks. They encourage volunteers to participate in their DDoS projects, offering financial rewards for active participants. PwC cybersecurity expert Marek Nejedly pointed out that the primary goal of these attacks is to create panic and draw attention, rather than cause financial harm.

Martin Chlumecky of Avast Threat Labs noted a shift in the group’s approach, from conducting covert DDoS attacks to openly recruiting hacktivists to join their cause. This new approach involves utilizing the DDosia tool to target sites with anti-Russian and Russophobic content.

While the attacks caused temporary disruption, industry insiders like Citadelo CEO Tomas Zatek caution that such events could potentially serve as distractions for more sophisticated attacks on banks’ internal systems or data. Despite the temporary setbacks caused by the DDoS attacks, the impacted financial institutions managed to restore their services within hours, underscoring the resilience of their cybersecurity measures.

As the investigation continues, experts stress that the incident underscores the need for organizations to remain vigilant and proactive in bolstering their cybersecurity defenses against evolving threats, especially those with political motivations.

Article by Prague Forum