Moscow Exchange, Sberbank Websites Knocked Offline as Ukraines Cyber Army Responsible?

Moscow Exchange, Sberbank Websites Knocked Offline—Was Ukraine’s Cyber Army Responsible?
Thomas BrewsterForbes Staff
Associate editor at Forbes, covering cybercrime, privacy, security and surveillance.
Feb 28, 2022,06:59am EST
Sberbank and Moscow Exchange down in DDoS attack claims.
Sberbank and the Moscow Exchange were both named as targets of the Ukraine IT Army. Websites for both were down Monday.MICHAL CIZEK/AFP VIA GETTY IMAGES
Early Monday morning, the website for the Moscow Stock Exchange went down and was inaccessible.

While its claims couldn’t be verified, the Ukraine IT Army, a crowdsourced community of hackers endorsed by Kyiv officials, called on members to launch attacks on the website, Moex[.]com, early on Monday. On Telegram, the IT Army claimed it took only five minutes to knock the site down. Mykhailo Fedorov, Ukraine’s deputy prime minister who announced the formation of the Army, celebrated on Facebook: “The mission has been accomplished! Thank you!”

The central bank of Russia initially delayed and then confirmed the Moscow Exchange would remain closed today as the impact of global sanctions led to the ruble dropping to a record low against the dollar. The London-listed shares of Sberbank plunged 70% amid a major selloff of Russian stocks like Lukoil that trade on the London Stock Exchange.

“We can confirm the Moscow Exchange website is down, but we don't have visibility into the incident’s root cause or the extent of the disruption,” a spokesperson for NetBlocks, which tracks internet connectivity across the world, told Forbes. Moex hadn’t responded to a request for comment at the time of publication.

This morning, the IT Army, announced by deputy prime minister Fedorov this weekend, also attempted to organize an attack on the website of Russia’s largest lender, Sberbank. Fedorov also claimed on Facebook that “Sberbank fell!” In the middle of the afternoon Moscow time, the site was inaccessible, as confirmed by NetBlocks. (Sberbank hadn’t responded to a request for comment.) The website for the FSB, a security service within Russia, was targeted, too.

The website outages land amid a range of attacks being launched alongside the fighting on the ground, where hacktivists have joined the fray in support of both Ukraine and Russia. Many are distributed denial of service (DDoS) attacks, where website servers are flooded with traffic to the point that they’re unusable. Various Ukrainian bank and government websites were knocked offline earlier this month, following attacks that were later attributed by Ukrainian, U.S. and U.K. officials to Russia. Computer wiping malware was also seen to spread across Ukrainian financial, defense, aviation and IT services organizations.

Ukraine and is supporters, via official and unofficial groups, have responded by launching DDoS attacks on numerous government targets. RT, the Russian state-funded TV station under scrutiny for its ties to the Kremlin propaganda machine, complained of being targeted by hacktivist collective Anonymous while the website of state news agency Tass was also offline.

The wave of cyberattacks appears to be going in the opposite direction than it was earlier this month, with most attack traffic targeting Moscow. Cloudflare, a company that protects and tracks internet traffic, said it had seen a “marked increase” in DDoS attacks originating in Ukraine. “There was a large increase in bot traffic in Ukraine, also. These two things may be related,” a spokesperson said, noting that “cyberattacks remain relatively quiet on .ua [Ukraine] domains.”

There were other reports of cyberattacks over the weekend. The official Kremlin website went down, and Belarus was drawn into the conflict on the ground and in the cyberdomain. On Sunday, a group called the Belarusian Cyber-Partisans announced it had targeted the Belarusian railway in support of Ukraine and in protest at the involvement of Belarus in Russia’s invasion. The group claimed railroads in Minsk and Orsha had been paralyzed. Forbes could not verify their claims, though Bloomberg reported an ex-Belarusian railway employee claiming that there were some outages of certain systems.

Forbes Russia, TASS and a number of other Russian media websites were also targeted in defacements in the last 24 hours. Their webpages were replaced with “an anti-war appeal with the logo of the Anonymous hacker group,” Forbes Russia noted on its Twitter account.