Cyber Incident Victim: Globex
Date:
Dec 2017
Location:
Russia
Summary
Hackers attempted to steal approximately $940,000 from a Russian state bank via unauthorized SWIFT payment requests, successfully withdrawing around $100,000 before the attack was detected and halted. The institution confirmed customer funds remained unaffected, while SWIFT reiterated there was no evidence of compromise to its network or services. This incident aligns with a broader pattern of cyberattacks targeting financial messaging systems, following similar breaches at other banks globally.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 21, 2017, Russia's state-owned Globex Bank disclosed that hackers had attempted to steal 55 million rubles ($940,000) through unauthorized SWIFT payment messages. The attack occurred the prior week, targeting the bank's computers connected to the SWIFT international financial messaging network. Globex President Valery Ovsyannikov confirmed through the bank's press service that no customer funds were compromised during the incident. According to Kommersant daily reports citing unnamed sources, the attackers successfully withdrew approximately $100,000 before the bank detected and halted further fraudulent transactions. The bank identified the intrusion during the attack, preventing the full theft of the targeted amount. SWIFT representatives declined specific comment on Globex but reiterated their commitment to cybersecurity, stating no evidence indicated unauthorized access to SWIFT's core network or messaging services.
This incident occurred amid heightened warnings from SWIFT about rising cyber threats following high-profile attacks, including the 2016 Bangladesh Bank heist that exploited SWIFT credentials. SWIFT had issued multiple advisories urging financial institutions to strengthen security protocols, though it maintained confidentiality regarding attack statistics or victim identities. Public reports prior to the Globex attack included breaches at Taiwan’s Far Eastern International Bank and Nepal’s NIC Asia Bank. Cybersecurity expert Shane Shook, who investigated several SWIFT-related hacks, noted at least seven distinct hacker groups had conducted similar operations for five years, with most incidents unreported. Globex, a subsidiary of Russian state development bank VEB, was undergoing planned transfer to Russia’s state property management agency at the time of the attack, though sources did not link this transition to the breach. The bank’s public acknowledgment underscored ongoing vulnerabilities in financial messaging infrastructure despite industry-wide security enhancements.