KredoBank

KredoBank operates as a financial organization based in Ukraine. It provides banking services within the Ukrainian market, though the specific range of its core products or services beyond this general categorization is not detailed in the provided source material. The organization's headquarters is located in Ukraine, indicating its primary operational focus within that country. Information regarding its specific size, market share, customer base, or notable footprint beyond its Ukrainian presence is not available from the given incident overview.

KredoBank was significantly impacted by a sophisticated cyber attack on June 27, 2017. This incident was part of a broader campaign targeting Ukrainian entities, where attackers compromised the update mechanism of the M.E.Doc accounting software. Through this supply-chain attack, destructive malware, including NotPetya and ransomware variants known as XData and PsCrypt, was distributed to KredoBank and other victims. The attack led to widespread encryption of systems and data destruction, causing substantial operational disruption. Forensic analysis of the incident revealed the use of Bitcoin addresses for ransom demands, suggesting a financial motivation. Investigators also noted linguistic indicators pointing to possible non-native Ukrainian speakers posing as locals during the attack execution. Subsequent investigations identified technical similarities between this malware and earlier campaigns like Chthonic, hinting at potential links to broader, possibly nation-state affiliated, cyber activities.