Cyber Incident Victim: European Investment Bank

On June 19, 2023, the European Investment Bank (EIB) was targeted in a cyberattack. The incident was publicly claimed earlier that day by the pro-Russian hacktivist group Killnet, which posted on its Telegram channel that it had targeted the inter-network infrastructure of the bank. The EIB subsequently confirmed these claims. At 4:20 p.m., the bank issued a statement via its official Twitter account, writing, "We are currently facing a cyber attack which affects the availability of eib.org and eif.org. We are responding to the incident." The primary impact of the attack was the disruption of the availability of the EIB's main public website, eib.org, and the website of the European Investment Fund, eif.org. At the time of the initial reporting, the websites remained inaccessible.

This cyberattack was not an isolated event but part of a broader campaign of threats against European financial institutions by pro-Russian hacking groups. The motivation was explicitly linked to European support for Ukraine. In its Telegram posts, the Killnet group issued threats against the Western financial system, questioning the health of the IBAN banking system and suggesting that transfer systems were being affected. The group proclaimed, “Today we are starting to impose sanctions on the European banking transfer systems SEPA, IBAN, WIRE, SWIFT, WISE.” This rhetoric framed the attacks as a form of retaliatory sanctions against Europe. The attack coincided with recent threats from Russia about destabilizing the Western financial system, providing a geopolitical context for the incident.

The group responsible, Killnet, had recently aligned with other hacker collectives. Three days prior to the attack, on June 16, the groups Killnet, Anonymous Sudan, and REvil proclaimed themselves as a collective entity called the "Darknet Parliament." This phrase quickly became a trending keyword among threat analysts on Twitter. The groups stated that they had held a meeting and came to a common decision referred to as "SOLUTION №0191," which served as the basis for initiating their campaign against European banking transfer systems. The involvement of Anonymous Sudan added a notable dimension, as that group had recently been responsible for a significant outage at Microsoft that affected 365 software suites, including Teams and Outlook, for thousands of users in the United States.

The technical scope of the attack on the EIB was focused on causing a denial-of-service condition, rendering its public-facing websites unavailable. The bank's immediate response was to acknowledge the incident publicly and state that its team was actively working to respond to it. The specific response actions taken by the EIB's security team were not detailed in public statements, but the acknowledgment indicated that incident response protocols were activated. The consequence was a temporary loss of web presence for the bank and its affiliated fund, potentially disrupting public access to information and services hosted on those domains. There was no indication from the available information that internal banking systems, financial transaction networks, or customer data were compromised; the impact appeared confined to website availability.

The incident highlights the use of cyber tactics by hacktivist groups to achieve geopolitical goals. The attack on the EIB was a component of a larger announced campaign targeting fundamental European financial transfer systems, including SEPA, SWIFT, and WISE. By choosing a high-profile international financial institution like the EIB, the attackers aimed to generate maximum psychological impact and demonstrate their capability to disrupt elements of the financial sector. The public nature of the claims on Telegram and the bank's confirmation on Twitter created a narrative that extended beyond the technical disruption, serving as a form of psychological warfare and propaganda. The bank's timely public acknowledgment served to provide transparency and manage the public relations aspect of the incident while its technical teams worked on restoration efforts.