Cyber Incident Victim: Alfa-Bank
Date: Nov 2016
Location: Russia
Summary
A hacker using the alias vimproducts claimed responsibility for distributed denial-of-service (DDoS) attacks targeting multiple Russian financial institutions, including Alfa-Bank, on the day of the 2016 U.S. presidential election. The attacks temporarily disrupted access to several banking websites, with three remaining inaccessible approximately an hour after the attacks began. The perpetrator stated the attacks were commissioned by clients motivated by Russia's alleged interference in the U.S. election, while simultaneously promoting his DDoS-for-hire services through media outreach. He criticized the affected institutions for inadequate DDoS protections, noting their vulnerability to relatively low-cost attacks ranging from $25 to $150 daily depending on target complexity. The incident highlighted both operational security weaknesses and the attacker's deliberate use of timing for maximum publicity impact.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On November 8, 2016, coinciding with the U.S. presidential election, a hacker using the alias vimproducts conducted distributed denial-of-service (DDoS) attacks against multiple Russian financial institutions, including Alfa-Bank. The attacker contacted Motherboard journalists to document the incidents, demonstrating real-time disruptions to the Moscow Exchange, Bank of Moscow, Rosbank, and Alfa-Bank websites. After sharing functional links to these sites, vimproducts executed attacks that rendered them either unresponsive or completely offline. Approximately one hour after the attacks began, three of the four targeted websites remained inaccessible. The hacker also attempted to disrupt the Russian Ministry of Economic Development’s website but failed despite multiple efforts. Vimproducts operated through AlphaBay, a dark web marketplace, offering DDoS-for-hire services priced at $25 or $150 daily depending on target size and security measures.

According to vimproducts, the attacks were commissioned by clients motivated by Russia’s alleged interference in the U.S. election. He explicitly linked the timing to Election Day, acknowledging that it served as strategic publicity for his services while damaging Russia’s reputation. The hacker criticized the targeted banks for inadequate DDoS protections, asserting that their security flaws made the disruptions easier to achieve. No financial demands or data breaches were reported, and the primary impact was temporary service unavailability. Vimproducts actively sought media coverage by soliciting journalists, though Motherboard declined to publish his contact details. The incident highlighted operational vulnerabilities in the affected institutions’ web infrastructure, with no evidence of data compromise or collateral damage beyond temporary outages.
