Cyber Incident Victim: Sberbank
Date: Oct 2022
Location: Russia
Summary
A cyberattack targeted Sberbank, one of Russia's largest financial institutions, causing significant operational disruptions. The incident involved a distributed denial-of-service (DDoS) campaign that overwhelmed the bank's digital infrastructure, temporarily impairing online banking services and customer access. While the attack's precise origin remained unconfirmed, it coincided with broader offensive cyber activities against Russian critical infrastructure entities during this period. The bank implemented mitigation measures to restore functionality, though the event highlighted vulnerabilities in financial sector resilience against coordinated network-based assaults.
Description
On October 7, 2022, Sberbank experienced a significant distributed denial-of-service (DDoS) attack targeting its online banking platform and mobile applications. The attack disrupted customer access to digital services for over 24 hours, with peak intensity overwhelming network infrastructure during business hours. Sberbank's security team attributed the attack to foreign actors based on traffic analysis showing coordinated botnet activity originating primarily from IP addresses in the United States, United Kingdom, Japan, Taiwan, and India. Technical analysis revealed the attackers employed multiple attack vectors simultaneously, including HTTP flood and DNS amplification techniques. The bank's automated monitoring systems detected anomalous traffic patterns at 08:43 Moscow Time, triggering incident response protocols. Service degradation became apparent within 30 minutes as transaction processing delays affected retail banking operations across multiple regions.

Sberbank implemented countermeasures including IP address blocking, traffic rerouting through scrubbing centers, and temporary rate limiting on non-critical services. Full service restoration occurred by 23:00 on October 8 following sustained mitigation efforts. The bank confirmed no customer data breaches or financial system compromises resulted from the attack. A subsequent DDoS incident occurred on October 25, 2022, as part of coordinated attacks against multiple Russian financial institutions. This later attack utilized hijacked IoT devices in its botnet infrastructure and caused intermittent service disruptions for approximately six hours. Sberbank collaborated with Russia's national CERT during both incidents to share threat indicators and mitigation strategies while maintaining regulatory compliance throughout the response lifecycle.
