Cyber Incident Victim: Russia
Date:
Jul 2024
Location:
Russia
Summary
A Ukrainian cyberattack conducted by the Main Intelligence Directorate targeted Russian financial institutions and related infrastructure, disrupting ATM services, blocking debit and credit card transactions, and freezing payment systems across multiple major banks. The attack also compromised banking databases, interrupted public transport payments, and caused outages for telecommunications providers and social networks, with impacts intensifying over several days.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A large-scale cyberattack attributed to Ukrainian intelligence forces began targeting Russia's financial and telecommunications infrastructure on July 23, 2024. The Main Intelligence Directorate of Ukraine's Ministry of Defense (HUR) initiated coordinated operations against Russian banking institutions involved in funding military aggression, with impacts escalating through July 27. Initial disruptions paralyzed payment systems and mobile banking applications across multiple financial institutions, followed by outages in personal banking interfaces and public transport payment networks. Telecommunications providers Beeline, MegaFon, Tele2, and Rostelecom experienced service interruptions that compounded the banking disruptions, while popular online messengers and social media platforms also came under attack. By the fifth day of sustained operations, ATM networks at major banks became completely nonfunctional - customers attempting withdrawals found their debit and credit cards immediately blocked by compromised systems.
The cyber campaign progressively expanded its target list to include Dom.RF alongside previously affected institutions VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank, and iBank. Ukrainian intelligence sources confirmed penetration of core banking databases at multiple financial institutions, though specific compromised data types remained unspecified. The attack's cascading effects created nationwide payment processing failures that disrupted civilian financial activities, with operational impacts intensifying rather than subsiding as the week progressed. Telecommunications infrastructure supporting mobile networks and internet services experienced intermittent functionality issues that exacerbated banking system outages. Ukrainian officials characterized the offensive as an unprecedented sustained cyber campaign against Russia's financial sector, noting the operation continued gaining momentum through at least July 27 with no apparent containment or mitigation by Russian cybersecurity forces.