Cyber Incident Victim: Maldives Monetary Authority
Date:
May 2016
Location:
Maldives
Summary
A hacktivist collective, Anonymous, in collaboration with Ghost Squad, conducted distributed denial-of-service (DDoS) attacks targeting multiple international financial institutions, including the Central Bank of Maldives. The attacks temporarily disrupted online services, rendering the bank's website inaccessible alongside several others. This operation formed part of a broader campaign dubbed "Op Icarus," which aimed to protest perceived corruption within the global banking system, with specific targets selected due to their association with high-profile leaks like the Panama Papers. The collective claimed responsibility for impacting over ten banks during this wave, emphasizing intentions to hold financial elites accountable through disruptive cyber actions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On May 6, 2016, the Central Bank of Maldives experienced a distributed denial-of-service (DDoS) attack as part of a coordinated campaign by the hacktivist collective Anonymous and their affiliate Ghost Squad. The attack temporarily disrupted the bank’s online services, rendering its official website inaccessible. This incident occurred alongside simultaneous attacks on three other financial institutions: the Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, and the Dutch Central Bank. The attacks were executed under Operation Icarus, a month-long campaign targeting global financial institutions. Anonymous had publicly announced the operation in a video released on May 4, declaring their intent to launch "one of the most massive attacks ever seen" against the banking sector. The group cited opposition to financial corruption and institutional power as motivations, explicitly linking their targeting of the National Bank of Panama to the Panama Papers leaks that exposed offshore financial activities of political figures.
The Central Bank of Maldives’ website was restored to operational status shortly after the attack, with no reports of data breaches or financial theft. Anonymous expanded their campaign beyond the initial eight banks, subsequently targeting the National Bank of Panama and Central Bank of Kenya on May 7, followed by the Central Bank of Mexico and Central Bank of Bosnia and Herzegovina. By May 2016, the group claimed to have attacked over ten banks, including prior operations against the Central Bank of Greece and Central Bank of Cyprus. Operation Icarus included an ambitious list of 160 potential targets, including major institutions like the US Federal Reserve, IMF, World Bank, and Bank of England. The incident occurred amid heightened cybersecurity concerns in the banking sector following high-profile breaches such as the Bangladesh Bank cyber heist and the Qatar National Bank data leak. No specific technical details about the attack vectors, mitigation measures, or financial impacts on the Central Bank of Maldives were disclosed in available reports.