Cyber Incident Victim: Central Bank of Malta
Date: Jun 2023
Location: Malta
Summary
The Central Bank of Malta was targeted in a cyber attack claimed by the Turk Hack Team. The group publicized its responsibility for the incident on Twitter, accompanied by screenshots indicating a successful disruption. The attack resulted in a major website outage, with evidence pointing to a Distributed Denial-of-Service (DDoS) attack that prevented the site from processing requests. No further details or motives for targeting the financial institution were provided by the hacking group.
Description
On or around June 18, 2023, the official website of the Central Bank of Malta experienced a significant disruption to its normal operations, rendering it inaccessible to users. This outage constituted a major cyber incident for the Maltese financial institution. The disruption was characterized by the website's inability to process user requests effectively, a primary symptom of an availability attack. The threat actor group known as Turk Hack Team publicly claimed responsibility for this cyber attack. The group utilized the social media platform Twitter as its channel for this announcement, a common tactic used by hacktivist groups to garner attention and publicize their actions. As part of their claim, the group published accompanying evidence in the form of screenshots. These screenshots visually documented the website's impaired state, providing purported proof that their actions were the direct cause of the observed service interruption.

The technical nature of the attack, as evidenced by the symptoms displayed on the website and the group's own claim, was a Distributed Denial-of-Service (DDoS) attack. This type of cyber attack is designed to overwhelm a target's online infrastructure, such as web servers, with a flood of internet traffic from multiple sources. The objective is to exhaust the target's resources, making its services slow to respond or completely unavailable to legitimate users. In this instance, the Central Bank of Malta's web presence was the specific target, indicating the attack was focused on causing reputational damage and disrupting public access to information rather than targeting core banking systems or financial data. The public-facing website serves as a critical portal for information dissemination, and its downtime directly impacts the institution's ability to communicate with citizens, businesses, and international partners.

Turk Hack Team is identified as a notorious group within the cybersecurity community with a history of conducting audacious cyber offensives. The group has established a reputation for its activities, though the specific motivations behind selecting the Central Bank of Malta as a target were not disclosed by the attackers in their public statements. The group's announcement was limited to taking credit for the disruption and did not elaborate on any political, ideological, or financial reasons for the attack. The lack of a stated motive is not uncommon among such groups, where the act of disruption itself and the associated publicity are often the primary goals. The attack underscores a recurring pattern where financially critical national institutions remain high-value targets for hacktivist groups seeking maximum impact and visibility.

The immediate impact of the DDoS attack was the sustained unavailability of the Central Bank of Malta's website. This outage prevented any member of the public, including journalists, researchers, economists, and commercial entities, from accessing the information hosted on the site. This information typically includes official press releases, financial reports, regulatory guidelines, and economic data, which are essential for the transparent operation of a national financial authority. The disruption therefore had an operational impact, hindering the bank's core function of disseminating important financial information to the public. The incident also carried a significant reputational impact, as any successful cyber attack on a central bank can erode public confidence in the institution's ability to secure its digital assets and maintain operational resilience against threats.

The response to the incident involved public claims and acknowledgments made through online channels. Since the attack was primarily against public-facing infrastructure, the initial detection likely occurred through internal monitoring systems that track website performance and availability, alerting IT staff to the abnormal traffic patterns or complete service failure. The bank's cybersecurity and IT teams would have initiated their incident response protocols to contain the situation. The standard containment procedure for a DDoS attack involves mitigating the flood of malicious traffic to restore service. This is often achieved by working with upstream internet service providers or dedicated DDoS mitigation services to filter out the attack traffic before it can reach the bank's servers. The ultimate consequence of the attack was a temporary but complete loss of web service, demonstrating the susceptibility of even highly fortified and critical financial institutions to this particular type of cyber offensive. The event served as a stark reminder that availability attacks, while often less complex than data breaches, can effectively disrupt the core public-facing operations of essential national entities.
