Cyber Incident Victim: Central Bank of the United Arab Emirates
Date:
May 2016
Location:
United Arab Emirates
Summary
Anonymous conducted a series of high-volume DDoS attacks targeting multiple global financial institutions, including the Central Bank of the United Arab Emirates, as part of Operation Icarus. The coordinated 250 Gbps assaults forced the bank's website offline for several hours alongside other central banks in France, Tunisia, Trinidad and Tobago, and the Philippines. The hacktivist group claimed motivations included solidarity with street protests and retaliation against government arrests of activists. This incident formed part of a broader campaign against banking infrastructure worldwide, with previous targets including central banks in South Korea, Greece, Cyprus, and Bosnia and Herzegovina. All affected websites were eventually restored following the disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On May 14-15, 2016, the Central Bank of the United Arab Emirates was among five banking institutions targeted in a coordinated distributed denial-of-service (DDoS) attack campaign by the hacktivist collective Anonymous and affiliated group Ghost Squad Hackers. This incident occurred during Operation Icarus (OpIcarus), a sustained cyber campaign against global financial entities relaunched by Anonymous in March 2016. The attackers deployed high-volume 250 Gbps DDoS assaults that overwhelmed the bank's web infrastructure, forcing its public-facing website offline for several hours. The timing coincided with weekend banking closures, potentially amplifying disruption to public access. Simultaneous attacks struck the Bank of France (targeted twice within 24 hours), Central Bank of Tunisia, Central Bank of Trinidad and Tobago, and Philippine National Bank. Anonymous publicly claimed responsibility, framing the UAE Central Bank attack as part of broader solidarity with global protest movements, including France's #NuitDebout demonstrations against economic inequality. Technical assistance for the Bank of France takedown was attributed to "Sens power from Russia," indicating possible collaboration with external actors.
The UAE Central Bank incident represented an escalation in OpIcarus, which had previously targeted central banks in Jordan, South Korea, Montenegro, Greece, Cyprus, Netherlands, Guernsey, Maldives, and Bosnia-Herzegovina since March 2016. Attack methodology remained consistent across incidents, utilizing volumetric DDoS to disrupt public access rather than attempting data exfiltration or financial theft. All affected banking websites, including the UAE Central Bank's, were restored to functionality within hours without reported data compromise. Anonymous promoted the attacks through a dedicated Facebook event page, sharing screenshots of downed banking portals as proof of impact. The group explicitly linked the Philippine National Bank attack to retaliation against authorities arresting a hacker who breached the national election commission's database, demonstrating how OpIcarus combined technical disruption with political messaging. No bank-specific mitigation measures or forensic findings were disclosed publicly, though the rapid restoration suggested implementation of standard DDoS mitigation protocols.