Pro-Russia Hackers Vow To Bring Western Financial System Down In 48 Hours

June 22, 2023
Russian hacker groups claimed responsibility for bringing down the European Investment Bank's (EIB) websites, as they vow to cripple the Western financial system in the coming days.

  • Targets include SWIFT, US Federal Reserve and banks.
  • EIB did not confirm claims that Russian groups are behind the attack.
  • Even if the attack is successful, experts estimate little impact.

On Monday (June 19) afternoon, EIB confirmed on Twitter that it was facing a cyber attack that affects the availability of its and websites.

Pro-Russian hacker groups KillNet, REvil and Anonymous Sudan claimed the attack as part of a campaign against the Western banking sector.

The popular Russian online news service Mash claimed the hackers “infected everything with malware and took everything under their control”.

“According to our data, the entire EIB and its functionality will not work for at least ten days,” Mash wrote on its Telegram channel.

According to Mash, the attack is part of a campaign aimed at bringing down the West’s financial system. The hackers' targets include SWIFT, the US Federal Reserve (the Fed) and other European and US banks.

“Russian hackers have announced a powerful attack on the Western financial system in the next 48 hours,” Mash wrote last Wednesday (June 14).

“Task number one is to paralyse the work of SWIFT.”

EIB does not confirm Russian attack

However, EIB itself has not confirmed the groups behind the attacks and warned against prematurely linking the two events.

“While we have seen groups claiming responsibility for the incident, we will not speculate at this stage,” an EIB spokesperson told VIXIO.

He added that the EIB's IT security teams “are responding to the incident with appropriate measures”.

The Fed did not comment by the time of publication.

Meanwhile, a spokesperson for SWIFT confirmed to VIXIO that their services are functioning normally.

SWIFT has found itself a target in the hackers' campaign after EU policymakers banned several large Russian and Belarusian banks from the international messaging network, to make it harder for Russia to fund the war against Ukraine.

Even if successful, attacks do not pose real threat

Cyber incidents have grown significantly in recent years, with some estimates predicting that they will cost the world $10.5tn annually by 2025.

However, based on the information currently available, it is unlikely that attacks by these groups could pose a significant threat to the financial system in Europe or North America.

“While annoying, these attacks pose a minimal threat to data security,” said Kevin Reed, CISO at Swiss cybersecurity firm Acronis.

KillNet and Anonymous Sudan are primarily known for "distributed denial-of-service attacks" (DDoS attacks) on public websites.

According to Reed, this is “not a real hacking attack, but merely an attempt to overload these sites with an excessive number of requests”.

“If this happens, it will have no impact on SWIFT's network operation.”

Given that SWIFT uses dedicated channels and its core infrastructure and operating centres are isolated from the internet, Reed says he does not expect a major impact on the availability and security of the banking system.

VIXIO could not verify whether these pro-Russian groups were indeed involved in the incident on EIB’s websites.

KillNet was formed shortly after the Russian invasion of Ukraine and has targeted several government agencies in an effort to block the sending of aid to Ukraine. It has been known to overstate the success of its activities to gain bigger media coverage.

Last October, KillNet claimed it had blocked the entire network infrastructure of JP Morgan; however, the US bank said the DDoS attacks did not have any impact on its operations.

REvil, on the other hand, could pose a higher threat, according to Reed. However, despite its claims to the contrary, there is no evidence of REvil being involved in hacking attacks.

REvil was a ransomware group that stopped operating in January 2022 after a Russian crackdown. Some alleged former REvil gang members have since started cooperating with the Russian government.

“REvil is definitely [a] more experienced group and if they are indeed involved we may witness some financial organisations being compromised,” Reed said.
