Cyber Incident Victim: Bank of Moscow
Date: Nov 2016
Location: Russia
Summary
A hacker operating under the alias "vimproducts" claimed responsibility for launching distributed denial-of-service (DDoS) attacks against multiple Russian financial institutions, including the Bank of Moscow, during the U.S. election period. The attacks temporarily disrupted access to several banking websites, rendering three of four targeted platforms unresponsive or offline approximately an hour after the assaults began. The perpetrator attributed the motivation to clients angered by Russia's alleged interference in the election, while simultaneously criticizing the victims' cybersecurity measures as inadequate. The hacker advertised their DDoS-for-hire services through a dark web marketplace, offering tiered pricing based on target size and protection levels, and sought media attention to amplify publicity for their business. An attempted attack against a Russian government economic development website failed to achieve disruption.
Description
On November 8, 2016, coinciding with the U.S. presidential election, a hacker using the alias "vimproducts" launched distributed denial-of-service (DDoS) attacks against multiple Russian financial institutions, including the Bank of Moscow. The attacker proactively contacted journalists from Motherboard to document the incident, demonstrating live access to the websites before initiating the attacks. Targets included the Moscow Exchange, Bank of Moscow, Rosbank, and Alfa-Bank. Vimproducts sequentially disrupted these sites by overwhelming them with traffic, rendering them either unresponsive or completely offline. Within approximately one hour of the attacks commencing, three of the four banking websites remained inaccessible. The attacker also attempted to disrupt the Russian Ministry of Economic Development’s website but failed despite multiple efforts, as the site maintained functionality throughout the incident.

The attacks were conducted through a DDoS-for-hire service operated by vimproducts, who stated that clients commissioned the disruptions due to dissatisfaction with Russia’s alleged interference in the U.S. election. Vimproducts advertised tiered pricing on the AlphaBay dark web marketplace, charging $25 per day for standard attacks or $150 for targeting protected or medium-to-large websites, though he declined to specify the exact payment received for these attacks. The primary operational impact was sustained website downtime for the financial institutions, impairing public access to their online services. Vimproducts publicly criticized the affected banks’ cybersecurity measures, asserting their DDoS protections were inadequate and that the attacks succeeded due to fundamental security flaws. The attacker explicitly acknowledged leveraging the timing for promotional purposes, stating that targeting Russian entities on Election Day benefited his business’s visibility while damaging Russia’s reputation. No mitigation efforts or technical responses from the victim organizations were documented in the available reporting.
