Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations – including the country’s second-largest bank.
The government-controlled St Petersburg-based VTB finaincial institution announced on Tuesday it was facing an “unprecedented cyber attack from abroad,” and added that the DDoS flood was the largest in the bank’s history.
“Analysis of the DDoS attack indicates that it is planned and large-scale,” the bank said in a statement released to Russian media. “Its purpose is to cause inconvenience to the bank’s customers by hindering the operation of banking services.”
While “most” of the network-flooding traffic came from “foreign segments of the internet,” some originated from Russian IP addresses, which the bank noted was “of particular concern.”
“We do not exclude that some of these Russian addresses could be among the participants in the attack as a result of cyber fraud,” VTB said. “All identified Russian IP addresses will be handed over to law enforcement agencies for verification, since organizing and participating in a DDoS attack is a criminal offense.”
Wipers hit Russian courts
The DDoS attack against the bank’s technical infrastructure follows reports of data-wiping software being deployed on Russian mayors’ and courts’ computers last week.
According to local media reports, the wiper poses as ransomware, demands half a million rubles, and regardless of whether the organizations pay or not, it deletes files.
This type of data-deleting malware has been prevalent since before Russia illegally invaded Ukraine. Kremlin-backed criminals were using wipers against Ukrainian infrastructure and organizations from January.
The latest round of wiper and DDoS attacks comes as Microsoft warns that Russia will likely expand its “hybrid-war” efforts beyond Ukraine, and suggests Europe look to Poland as a “harbinger” of what’s to come.
In October, GRU-backed Sandworm (Microsoft calls this cyber gang “Iridium”) deployed the Prestige ransomware against logistics and transportation networks in Poland and Ukraine, marking the first war-related cyber attack outside of Ukraine since the operation against Viasat took customers’ satellites offline and knocked out the remote monitoring of 5,800 wind turbines in Germany.
“The Prestige event in October may represent a measured shift in Russia’s cyber attack strategy, reflecting a willingness by Moscow to use its cyber weapons against organizations outside Ukraine in support of its ongoing war,” observed Clint Watts, GM of Microsoft’s Digital Threat Analysis Center, adding that the Kremlin might use these types of state-sponsored attacks to disrupt foreign supply chains.
European nations and the US should also brace for more Kremlin-backed influence operations – preying on citizens’ concerns about rising energy prices and inflation, and pushing pro-Russian narratives, Watts wrote.
“Russia has and will likely continue to focus these campaigns on Germany, a country critical for maintaining Europe’s unity and home to a large Russian diaspora, seeking to nudge popular and elite consensus toward a path favorable to the Kremlin,” he argued.
While France is less vulnerable to energy-related disinformation campaigns than Germany or Italy, according to Microsoft, there’s a risk that Russia will attempt to use social media campaigns to meddle in French affairs, based on its previous efforts.
“Ukraine has fought a brave defense both online and on the ground against a merciless Russian assault,” Watts concluded. “With the help of its partner nations, companies and democratic citizens, we all can ensure that Ukraine and Europe’s infrastructure is protected and democracy resilient in the face of authoritarianism this winter.” ®