Hackers Attack Czech Banks, Demanding End of Support For Ukraine
Experts told CTK that there was no risk to the finances of the banks’ clients. Credit: Freepik.
Prague, Aug 31 (CTK) – Hackers from the Russian hacktivist group NoName057 (16) attacked Czech banks and the stock exchange yesterday, demanding that the institutions stop supporting Ukraine.
Experts told CTK that there was no risk to the finances of the banks’ clients; the only complication for clients was the temporary lack of access to online banking.
Komercni banka, CSOB, Air Bank and Fio banka experienced problems after the DDoS attack, while the Ceska Sporitelna website was operating slowly. Most banks managed to restore services during the morning, and CSOB was back online after 3pm, according to statements from the banks and the Czech Banking Association (CBA).
The DDoS attacks on some Czech banks affected the availability of their systems, said the National Cyber Security Office (NUKIB).
Hackers also attacked the website of the Prague Stock Exchange, which remained unavailable until the evening.
“These are DDoS attacks that affect the availability of some of the systems of these institutions,” NUKIB spokeswoman Eva Rajlichova told CTK around noon. “We are cooperating with the entities which were attacked and providing them with the maximum possible cooperation in resolving the situation.”
“Russian hacking groups regularly attack countries and organisations around the world that they suppose are somehow supporting Ukraine,” said Miloslav Lujka of Check Point. “This is a massive campaign to spread fear and disinformation. A few days ago, for example, the group organised attacks in Poland, where they managed to bring down the websites of the Warsaw Stock Exchange and several banks.”
The DDoS attacks, which attempt to overwhelm servers with a large number of requests, came from the DDosia network of controlled computers, belonging to the NoName057 group (16).
“In this case, the NoName057(16) group is politically motivated and demands that institutions stop supporting Ukraine,” said PwC cybersecurity expert Marek Nejedly. “There is no need to worry about money in this type of attack, no reason for panic. The only negative consequence of this type of attack is that web access is not working for bank clients, but the banks can cope with this, and soon everything will be fine again. The attackers want to stir up panic, to draw attention, to scare people that they are in danger. In reality, however, there is no need to worry.”
NoName057(16) communicates primarily through Telegram; it has a main Russian-language channel with more than 20,000 members, as well as an English-language channel, and offers volunteers participation in DDosia Projects, via which they can join planned attacks. “The most active ones even receive a financial reward of up to CZK 25,000,” said Lujka.
“Right from the start of the war in Ukraine, we have seen an increase in DDoS activity via the Bobik malware, so infected victims were unaware that their computer was conducting DDoS attacks,” noted Martin Chlumecky of Avast Threat Labs. “However, the NoName057(16) group has changed its philosophy and is publicly calling for people on social media to join as hacktivists and download the DDosia tool, which will attack sites with anti-Russian and Russophobic content.”
The attacks will have a minimal impact on the financial sector, because they are not serious or comprehensive, he said.
Citadelo CEO Tomas Zatek says it was unusual that the attack was synchronised across five domestic banks, so it could be a cover for completely different and more sophisticated attacks, while the banks’ IT departments are busy with DDoS campaigns.
Most of the affected banks managed to restore their services within a few hours, and CSOB in the afternoon.
“The important thing is that this is not an attack on the bank’s internal systems or client accounts… At the moment, access to our banking system has been restored,” said Komercni banka spokeswoman Jana Pokorna before 11am.
“Everything is fine now. Mobile banking was working all the time, and the website was slowed down for only 45 minutes,” Ceska Sporitelna bank spokesman Filip Hruby told CTK an hour before noon.
“According to our information, this is the result of an organised cyber attack from abroad, which is targeting the Czech banking sector and has hit several domestic banks,” Fio Bank spokesman Jakub Hermanek said, adding that before noon, the bank systems were running again.
Air Bank reported a mobile and Internet banking outage before 9:30am, and announced that the problem had been fixed about an hour later.
CSOB said before 3:30pm that its services were back up and running after the cyber attack.
Stock exchange spokesman Jiri Kovarik told CTK yesterday morning that the Prague Stock Exchange website had also become the target of flooding attacks, and they were working to eliminate the problem. The website became available again before 7pm.