Cyber Incident Victim: Rosbank

On November 8, 2016, coinciding with U.S. presidential elections, a hacker using the alias vimproducts conducted distributed denial-of-service (DDoS) attacks against multiple Russian financial institutions. The targets included Rosbank, Moscow Exchange, Bank of Moscow, and Alfa-Bank. Vimproducts proactively contacted Motherboard journalists to document the attacks, demonstrating live takedowns by first showing functional websites followed by their subsequent inaccessibility. Within approximately one hour of initiating the attacks, three of the four banking websites remained offline or unresponsive. The hacker also attempted unsuccessfully to disrupt the Russian Ministry of Economic Development's website, which remained operational despite multiple attack attempts. Vimproducts attributed the attacks to customer requests motivated by Russia's alleged interference in the U.S. election cycle, though he declined to disclose specific payment amounts for these operations.

The attacker operated through the dark web marketplace AlphaBay, advertising tiered DDoS services priced at $25 for standard attacks and $150 for targeting protected or medium-to-large websites. Vimproducts explicitly stated the Election Day timing served as promotional exposure for his business while simultaneously criticizing the targeted banks' cybersecurity measures. He characterized their DDoS protections as inadequate, asserting the takedowns required minimal effort. No statements from affected institutions regarding incident response or mitigation efforts appeared in the available reporting. The attacks resulted in temporary service disruptions to multiple financial platforms but did not involve claims of data compromise or financial theft. Journalistic verification confirmed the temporary outages but did not include technical analysis of attack vectors or duration beyond the initial hour-long disruption window.