Cyber Incident Victim: Gazprombank
Date:
Dec 2024
Location:
Russia
Summary
A Russian financial institution experienced service disruptions following an alleged distributed denial-of-service (DDoS) attack claimed by Ukraine's military intelligence agency, impacting customers' ability to conduct transactions or access online banking platforms. The bank's mobile application became unavailable on Google Play but remained accessible through a Russian alternative store, while some European users reported temporary outages. Although the organization did not formally attribute the issues to cyber activity, users continued encountering login difficulties despite partial service restoration. As a major channel for Russian energy export payments and a recent target of international sanctions, the incident occurred amid geopolitical tensions affecting financial operations, including adjustments to gas payment mechanisms involving foreign currency conversion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Russian users began reporting difficulties accessing Gazprombank's digital services in late November 2024, with widespread complaints about failures in transaction processing and bill payments through its website and mobile application. Outage tracking platforms like Downdetector recorded significant disruptions coinciding with Ukraine's military intelligence agency (HUR) publicly claiming responsibility for a distributed denial-of-service (DDoS) attack against the bank earlier that week. An anonymous HUR source stated the attack aimed to prevent hundreds of thousands of Russian customers from conducting financial transfers or online payments. By December 1, Gazprombank confirmed its mobile app had been removed from Google Play, directing users to download it via Russia's domestic RuStore platform instead. Russian state media outlet RIA Novosti separately noted temporary unavailability of the bank's online services in France and Germany prior to the outage reports within Russia.
The bank acknowledged technical issues affecting its app but did not attribute them to cyberattacks in its Telegram communications. Despite restoration of its main website by December 1, Downdetector data indicated persistent login failures and app malfunctions among users. This incident followed U.S. Treasury sanctions imposed in November 2024 targeting Gazprombank’s role in facilitating Russian energy export payments, which prompted European nations like Hungary to request exemptions for gas transactions. On November 30, Russian President Vladimir Putin modified payment requirements for gas exports, removing Gazprombank’s exclusive mandate to process foreign currency conversions while retaining its status as the primary authorized institution. The attack occurred amid a pattern of Ukrainian cyber operations against Russian financial entities, including HUR’s October 2023 collaboration with pro-Kyiv hackers that compromised Alfa-Bank’s customer data. Gazprombank’s position as Russia’s third-largest bank and critical conduit for oil and gas revenue underscored the operational significance of the disruptions.