Cyber Incident Victim: Monobank
Date:
Oct 2022
Location:
Ukraine
Summary
Following Russian missile strikes causing widespread power outages and internet disruptions in Ukraine, pro-Russia hackers launched a distributed denial-of-service (DDoS) attack targeting Monobank, a Ukrainian mobile bank. The attack peaked at 6 million requests per minute and coincided with a successful crowdfunding campaign on the platform for Ukrainian-made kamikaze drones, which raised over $5.7 million within eight hours despite the cyber assault. While the DDoS temporarily disrupted services, the bank's operations persisted, and no hacking group claimed responsibility. The incident occurred amid broader cyberattacks against Ukrainian infrastructure, including websites of commercial and industrial entities, though Ukrainian officials characterized these efforts as poorly coordinated. Critical infrastructure resilience relied on backup generators and satellite internet systems amid ongoing physical and digital assaults.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 10, 2022, following a series of Russian missile and drone strikes targeting Ukrainian critical infrastructure, widespread power outages disrupted internet and mobile communications across Ukraine. Cloudflare data indicated internet availability dropped 35% below normal levels by 07:30 UTC, with connectivity remaining unstable into the next day due to ongoing attacks on energy facilities. Over 1,000 settlements lost power, prompting authorities to urge citizens to conserve mobile and electricity usage. Telecommunications providers relied on generators and Starlink systems to maintain services amid physical infrastructure damage. Concurrently, pro-Russia hackers launched a distributed denial-of-service (DDoS) attack against Ukrainian mobile bank Monobank, flooding it with approximately 6 million requests per minute. The attack coincided with a Monobank-hosted crowdfunding initiative for Ukrainian-made RAM II kamikaze drones, which raised $5.7 million within eight hours despite the cyber assault. Monobank co-founder Oleg Gorokhovsky confirmed the attack originated from actors opposing the fundraising effort, though no group claimed responsibility.
The DDoS attack failed to disrupt Monobank’s operations or halt donations, demonstrating the bank’s operational resilience. Separately, the pro-Russian Cyber Army group claimed via Telegram to have compromised websites belonging to the Lviv Chamber of Commerce and an armored vehicle manufacturer, though both sites remained operational without incident reports. Ukrainian cybersecurity officials, including Victor Zhora of the State Service of Special Communications, characterized pro-Kremlin cyber operations as disorganized, noting attackers often sought access before determining objectives. The incident occurred against a backdrop of Ukrainian warnings about anticipated Russian cyberattacks targeting energy systems to amplify physical strikes, referencing historical precedents like the 2015 BlackEnergy and 2016 Industroyer grid attacks. While missile strikes achieved comparable infrastructure disruption, the Monobank cyberattack exemplified concurrent hybrid tactics aimed at undermining civilian morale and financial support mechanisms during kinetic assaults.