Cyber Incident Victim: Arab National Bank
Date:
Feb 2015
Location:
Saudi Arabia
Summary
A Saudi hacking group known as "oppressed defenders" disrupted the Arab National Bank's online banking services through a distributed denial-of-service (DDoS) attack as part of their Operation Saudi campaign targeting financial institutions. The attackers aimed to pressure the Saudi regime to address human rights violations and alter domestic policies, citing prior disruptions to Samba, AlAhli, Riyad, and AlJazira banks as warnings. The incident rendered the victim's digital banking domain inaccessible, mirroring previous tactics used against other Saudi entities, with the group threatening escalated cyber operations if their demands remained unmet.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 23, 2015, the Arab National Bank (ANB), a major financial institution based in Riyadh and ranked among the top ten banks in the Middle East, experienced a disruptive cyberattack targeting its online banking domain. A hacking group identifying itself as "oppressed defenders" or "OpSaudi" claimed responsibility for the attack, which rendered ANB's online banking services inaccessible early that Monday. The group employed a Distributed Denial of Service (DDoS) attack methodology, overwhelming the bank's web infrastructure to force an outage. This incident formed part of a broader campaign labeled Operation Saudi, through which the hackers explicitly targeted Saudi financial institutions to protest alleged human rights violations by the Saudi government. The attackers characterized the ANB disruption and prior incidents affecting Samba Financial Group, Alahli Bank, and Riyad Bank as "small warnings" intended to pressure the Saudi regime. They issued public threats of escalating attacks unless the government altered its domestic policies and addressed citizen grievances. Screenshots confirmed ANB's online banking portal remained offline during the attack's initial reporting phase.
The disruption impacted ANB's customer-facing digital services, though the article did not specify the duration of the outage or quantify financial losses. The bank's reputation as an 'A'-rated institution by Standard & Poor’s underscored the operational significance of the attack. This incident mirrored the group's prior cyber activity, including a DDoS attack that disabled Saudi AlJazira Bank's website the preceding week. The attackers framed their operations as retaliatory measures against state policies, explicitly linking their targeting of financial infrastructure to political objectives rather than financial gain. No statements from ANB regarding incident response, mitigation efforts, or service restoration timelines were reported in the source material. The group reiterated its intent to continue attacking Saudi banks with increased intensity if their demands remained unmet, positioning the ANB incident as a tactical escalation within their broader campaign.