Ukrainian military agencies, state-owned banks hit by DDoS attacks

The Ministry of Defense and the Armed Forces of Ukraine and two of the country’s state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank (the State Savings Bank), are being hammered by Distributed Denial-of-Service (DDoS) attacks.

Today, Ukraine’s Cyberpolice also reported that bank customers received text messages claiming that bank ATMs were down, adding that they were “part of an information attack and do not correspond to reality.”

The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its “website was probably attacked by DDoS: an excessive number of requests per second was recorded.”

“Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine,” Ukraine’s State Service for Special Communication and Information Protection added.

“In particular, this caused interruptions in the work of web services of Privatbank and Oschadbank. The websites of the Ministry of Defense and the Armed Forces of Ukraine were also attacked.”

Ukrainian Defense Ministry site knocked down (BleepingComputer)

While the Ukrainian defense ministry site has been knocked out, Oschadbank’s and Privatbank’s websites are still accessible, although customers cannot log in to their online banking accounts.

The Ukrainian Center for Strategic Communications and Information Security said in a Facebook message that Privatbank users have been reporting problems with payments and with the bank’s mobile app.

Some added that they could not access their Privat24 internet banking accounts, while others have seen incorrect balances and recent transactions.

Privatbank’s web application firewall (WAF) was also updated with a traffic geofencing rule, automatically removing the website’s contents for IP addresses outside of Ukraine and showing a “BUSTED! PRIVATBANK WAF is watching you)” message.

Privatbank geofencing (BleepingComputer)

On Monday, the Security Service of Ukraine (SSU) said the country is being targeted in an ongoing “massive wave of hybrid warfare” that aims to trigger anxiety and undermine Ukrainians’ confidence in the state’s ability to defend them.

The SSU added that it has already counteracted multiple such attempts linked to hostile intelligence agencies and dismantled bot farms targeting Ukrainian citizens with bomb threats and fake news designed to spread panic.

The country’s Computer Emergency Response Team warned of attacks against Ukrainian authorities, coordinated by the Gamaredon hacking group (linked to Russia’s Federal Security Service (FSB) by the Ukrainian security and secret services).

The SSU added one day later that it blocked more than 120 cyberattacks targeting Ukrainian state institutions throughout January 2022.

Microsoft also said earlier this month that Gamaredon has been coordinating a wave of spear-phishing emails targeting Ukrainian entities and orgs related to Ukrainian affairs since October 2021.

Update: Added info regarding Privatbank geoblocking traffic.