Cyber Incident Victim: Komerční banka
Date: Aug 2023
Location: Czechia
Summary
Multiple Czech banks, including Komerční banka, experienced cyberattacks disrupting online banking services and websites. The incidents involved DDoS attacks that overwhelmed networks with excessive requests, leading to operational outages. The Czech Office for Cyber and Information Security confirmed the nature of the disruptions affecting several financial institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 30, 2023, multiple Czech financial institutions experienced coordinated cyberattacks beginning Wednesday morning. Komerční banka, Česká spořitelna, ČSOB, Air Bank, and Fio banka reported operational disruptions affecting their online services. The attacks specifically targeted internet banking platforms and institutional websites, causing intermittent or complete unavailability for customers attempting to access digital banking functions. Technical teams across affected banks detected anomalous traffic volumes overwhelming their networks during morning operations, though the precise start time remained unspecified in public reports.

The Czech Office for Cyber and Information Security (NÚKIB) promptly investigated the incidents and publicly attributed the disruptions to distributed denial-of-service (DDoS) attacks. These attacks functioned by directing massive volumes of artificial network requests toward bank infrastructure, exceeding normal traffic capacity thresholds and degrading service accessibility. No bank disclosed specific technical details regarding attack vectors, traffic volumes, or geographic origins of malicious traffic at this initial stage.

The operational impact manifested exclusively as service availability issues, with no public evidence suggesting data breaches, financial theft, or system compromises beyond temporary access disruption. Banking institutions activated incident response protocols to mitigate the attacks, though specific countermeasures such as traffic filtering or infrastructure scaling were not detailed in immediate communications. NÚKIB's confirmation of DDoS methodology provided the only authoritative characterization of attacker techniques during the event's initial phase. Customer transactions through physical branches and ATM networks reportedly continued without interruption, limiting the attack's financial consequences to digital service delays. The coordinated nature of disruptions across five competing financial entities indicated a broad targeting strategy rather than institution-specific objectives. No group claimed responsibility, and authorities did not speculate about potential perpetrators or motives during the immediate aftermath. Service restoration timelines varied by institution, with most reporting stabilized operations within the business day following ongoing mitigation efforts against the volumetric attacks.
