Cyber Incident Victim: Far Eastern scientific research centre of space hydrometeorology 'Planet'
Date: Jul 2024
Location: Russia
Summary
Ukrainian military intelligence executed a sustained cyberattack disrupting Russian financial institutions, causing widespread ATM failures, payment system freezes, and mobile banking outages. The operation also impaired public transport payments, telecommunications services, and major online platforms while compromising bank databases. The incident affected multiple major banks and continued to escalate in intensity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The cyberattack attributed to Ukrainian intelligence forces against Russian financial and telecommunications infrastructure began on July 23, 2024, with coordinated disruptions targeting multiple sectors critical to civilian and economic operations. Operatives from the Main Intelligence Directorate of Ukraine’s Ministry of Defense (HUR) initiated the offensive by freezing payment systems and mobile banking applications across major Russian financial institutions, including VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank, and iBank. By July 27, the attack had expanded to Dom.RF Bank, with ATM services rendered inoperable at numerous locations. Customers attempting cash withdrawals experienced immediate card blocking, stranding funds and limiting access to basic financial services. Concurrently, personal online banking portals suffered outages, preventing account management or digital transactions. Public transport payment systems were disabled, disrupting commuter mobility in affected regions. Telecommunications providers Beeline, MegaFon, Tele2, and Rostelecom reported service degradation, impacting mobile connectivity and internet access. The attackers also compromised popular online messengers and social networks, though specific platforms remained unnamed in available reporting.

Intelligence sources confirmed the attackers gained access to extensive databases within multiple compromised banks, though the exact scope of data exfiltration or manipulation was not detailed. The incident’s operational tempo intensified over five consecutive days, with no publicized containment measures or restoration timelines from Russian entities as of July 27. Impacts cascaded beyond financial transactions, affecting retail commerce, communication channels, and daily logistical operations reliant on digital payments. Ukrainian sources characterized the attack as an unprecedented and ongoing effort to degrade Russia’s financial capacity to sustain military operations, framing it as a direct response to Russia’s invasion of Ukraine. No countermeasures, forensic findings, or attribution claims from Russian authorities or affected organizations were disclosed in the reporting period. The offensive continued to escalate in scale and disruptive effects at the time of last reporting, with no indication of operational de-escalation or resolution.
