Cyber Incident Victim: PrivatBank
Date:
Feb 2022
Location:
Ukraine
Summary
A cyberattack involving a powerful DDoS attack targeted PrivatBank's Privat24 application, alongside other state banks and Ukrainian government websites, disrupting services such as card payments, money transfers, and balance visibility for users. The bank confirmed no threat to depositor funds and restored system functionality after mitigating the attack, though it warned of potential follow-on incidents. The incident was linked by government experts to prior Russian-origin attacks on Ukrainian infrastructure, occurring amid heightened warnings of broader aggression against Ukraine.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 15, 2022, a coordinated cyberattack targeted multiple Ukrainian financial and military institutions, including PrivatBank, Oschadbank, the Ministry of Defense website, and the Armed Forces of Ukraine (VSU) website. The incident began at approximately 15:00 local time, with PrivatBank experiencing a sustained and large-scale distributed denial-of-service (DDoS) attack against its Privat24 application infrastructure. Users reported widespread disruptions to banking services, including failures in card payments, money transfers, and balance visibility. Transaction histories also failed to update, indicating systemic interruptions to core banking functions. The Center for Strategic Communications and Information Security confirmed the attacks via an official Facebook statement that evening, characterizing the incident as part of a broader offensive against critical infrastructure. PrivatBank publicly acknowledged the DDoS attack within hours, emphasizing that customer funds remained secure and that the disruption solely affected application accessibility rather than transactional integrity. Service degradation persisted for multiple hours as the bank's IT teams worked to mitigate the attack vectors.
Technical responders successfully neutralized the DDoS attack later that day, restoring full system functionality while maintaining alerts for potential follow-on incidents. PrivatBank's communications highlighted ongoing defensive preparations by their cybersecurity team to counter anticipated additional attacks. The incident occurred against a backdrop of heightened geopolitical tensions, with U.S. National Security Advisor Jake Sullivan having publicly warned that Russia might initiate military operations against Ukraine imminently, potentially including cyber operations as precursor actions. Ukrainian law enforcement agencies classified the attack as technically sophisticated and high-volume, though no attribution evidence was disclosed in immediate public statements. Historical context emerged through references to a prior January 14, 2022, cyberattack against Ukrainian government websites, which government experts had attributed to Russian actors. The February 15 event represented a visible escalation in targeting concentration, simultaneously striking financial transaction systems and military communications platforms during a period of acute international crisis.