Cyber Incident Victim: Československá obchodní banka
Date:
Mar 2023
Location:
Czechia
Summary
Československá obchodní banka experienced a cyberattack attributed to the pro-Russian hacktivist group NoName057(16), resulting in temporary disruptions to internet banking, mobile applications, and online card payment services. The bank confirmed the outage did not compromise internal systems, ensuring client funds and data remained secure while ATM services functioned normally throughout the incident. The attackers, historically active against entities supporting Ukraine, claimed responsibility through Telegram channels showcasing their involvement in coordinated DDoS operations that targeted financial and governmental institutions. Service functionality was restored within hours, though isolated disruptions remained possible. The group recruits volunteers via its "DDosia Projects" platform, offering financial incentives for participation in attacks primarily motivated by geopolitical retaliation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Československá obchodní banka (ČSOB) experienced a disruptive cyberattack on March 3, 2023, resulting in widespread service outages across its digital platforms throughout the morning hours. The attack primarily disrupted online banking services, mobile banking applications, and internet-based card payments, preventing customers from completing transactions via these channels. ČSOB’s internal network remained uncompromised, ensuring the security of customer financial assets and personal data. ATM cash withdrawals continued functioning normally despite the attack. By approximately 1:30 PM local time, the bank successfully restored all affected services, though sporadic residual outages remained possible in isolated cases. Patrik Madle, ČSOB’s spokesperson, publicly confirmed the incident as a brief external cyberattack while emphasizing the integrity of core banking systems. Technical recovery efforts concluded within hours without necessitating extraordinary security measures beyond standard incident response protocols.
Check Point Software Technologies attributed the attack to the Russian-aligned hacktivist collective NoName057(16), an entity active since March 2022 with presumed connections to geopolitical tensions stemming from Russia’s invasion of Ukraine. This group previously targeted Czech infrastructure during the 2023 presidential elections, including governmental websites, candidate platforms, and manufacturing sector entities. Concurrently with the ČSOB attack, NoName057(16) launched assaults against Slovakian institutions including the Ministries of Interior and Defense and Slovenské elektrárne energy company. The attackers publicly claimed responsibility on their Telegram channels, framing the operation as retaliation for Czech support of Ukraine. Their operational model includes the DDosia Projects initiative, recruiting volunteers for distributed denial-of-service attacks with compensation up to 25,000 CZK for high contributors. Check Point analysts verified the attribution through routine security monitoring and correlation with the group’s historical attack patterns and public postings. The incident marked another instance of the group targeting nations supporting Ukraine since the conflict's onset, leveraging coordinated disruption campaigns against financial and governmental targets to advance pro-Russian objectives.