Cyber Incident Victim: Moscow Exchange
Date:
Nov 2016
Location:
Russia
Summary
A hacker using the alias vimproducts claimed responsibility for distributed denial-of-service (DDoS) attacks targeting several Russian financial institutions, including the Moscow Exchange, alongside Bank of Moscow, Rosbank, and Alfa-Bank. The attacks temporarily rendered most targeted websites inaccessible, though efforts to disrupt the Russian Ministry of Economic Development’s site failed. The perpetrator stated the attacks were commissioned by clients angered by Russia’s alleged interference in the U.S. election, leveraging the timing for publicity and criticizing the victims’ inadequate DDoS protections. Vimproducts openly solicited media coverage to amplify the impact, framing the disruptions as both promotional for his services and damaging to Russia’s reputation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 8, 2016, coinciding with the U.S. presidential election, a hacker using the alias "vimproducts" launched distributed denial-of-service (DDoS) attacks against multiple Russian financial institutions. The targets included the Moscow Exchange, Bank of Moscow, Rosbank, and Alfa-Bank. Vimproducts demonstrated the attacks in real time to Motherboard journalists by sharing links to functional websites before executing the DDoS, which rendered the sites either unresponsive or completely offline. Approximately one hour after the attacks began, three of the four banking sites remained inaccessible. The hacker also attempted to disrupt the Russian Ministry of Economic Development’s website but failed to take it offline despite multiple attempts. Vimproducts operated a DDoS-for-hire service advertised on the dark web marketplace AlphaBay, offering tiered pricing at $25 or $150 per day depending on the target’s size and protection level. He attributed the attacks to client requests motivated by Russia’s alleged interference in the U.S. election, stating, "Russia is bothering some clients with their effects on the US election."
Vimproducts proactively contacted journalists to publicize the incidents, framing the Election Day timing as strategic publicity for his business. He criticized the targeted banks’ cybersecurity measures, asserting their DDoS protections were inadequate and that "it should not be this easy to take them down." No technical details about attack vectors, mitigation efforts by the institutions, or collateral impacts beyond website downtime were disclosed in the available evidence. The hacker did not reveal payment amounts from clients for these specific attacks but emphasized the higher-tier $150 service was necessary for targets of this scale. The incident concluded with partial success—three banking sites experienced sustained disruption, while the Ministry of Economic Development’s site resisted the attacks. Vimproducts’ outreach to media underscored his dual objectives of attracting clients and publicly challenging Russian cybersecurity defenses.