Ukrainian banks hit by pro-Russian NoName hackers

The Russian-linked hacktivist group NoName has been relentlessly targeting the Ukrainian financial sector in its latest campaign against the war-torn nation.

“We will start today's journey with an attack on the financial sector of Ukraine🇺🇦,” the gang posted on their encrypted Telegram channel June 27th.

Since the threat actors edict four days ago, nearly a dozen major Ukrainian banks have been hit daily by the gang’s signature DDoS attack method.

Targets include four of the nation's largest commercial banks, including First Ukrainian International Bank (PUMB), State Savings Bank of Ukraine (Oshchadbank), Credit Agricole Bank, and Universal Bank.

The pro-Russian hacking conglomerate, officially known in the security world as NoName057(16), said its latest campaign is aimed at disrupting Ukraine’s online banking internet infrastructure.

Besides claiming to have knocked several of the bank websites completely offline, the gang has also specifically gone after authorization services, login portals, customer service systems, and loan processing services.

NoName Ukraine bank attacks
NoName, Telegram

Other Ukrainian banks claimed by NoName this week include Ukrsibbank, Tascombank, MTB Bank, Pravex Bank, Piraeus Bank, Credit Dnepr Bank, and Clearing House.

Mocking a cashless society

The hacking campaign may have been spurred on by a recent announcement by Ukrainian politicians to become the “first country in the world to completely abolish cash,“ the group posted on Telegram.

“According to the Deputy Head of the Office of the President of Ukraine Rostyslav Shurma, the country wants to ban cash payments, which will make it possible to overcome at least 95% of corruption.”

“But we, unlike Shurma, are absolutely sure that Ukraine will never give up the money of its Western masters. But they are not endless…,” it said.

In the meantime, we are helping the Bandera junta to "reject" their banking internet infrastructure and kill the authorization service into the internet banking "Credit Agricole Bank," the gang said.

NoName Ukraine bank attacks cashless
NoName, Telegram

Bandera junta is a pejorative used by Russians to describe Ukrainians who support sovereignty from the Kremlin. The phrase dating back to World War II references the radical far-right group, the Organization of Ukrainian Nationalists (OUN), formed in the late 1920s by political activist Stephen Bandera.

NoName goes off-book

Randomly, on June 28th, the gang also picked up on a post by fellow hacktivist group Anonymous Sudan, which has been continuously targeting Sweden since the burning of a Quran during a protest in Stockholm this past January.

In an apparent gesture of solidarity towards Anonymous Sudan, NoName momentarily switched gears and decided to attack two targets in Sweden, the website of the Swedish railway carrier SJ AB and the Swedish Financial Supervisory Authority, Finansinspektionen (FI).

NoName cited the more recent and second Quran burning by protesters in Stockholm, that same day, as the reason for the Swedish attacks.

“🔻Swedish police allowed to burn the Koran in Stockholm on the first day of Eid al-Adha, we read in the news🤬,” NoName posted.

“Considering that the Swedish authorities also help Ukrainian terrorists, we could not pass by and killed the website of the financial supervision of Sweden,” the group claimed.

NoName Sweden attacks Quran
NoName, Telegram

Besides Anonymous Sudan, it would be the first time any Russian-affiliated hacker group has linked Islamic affairs to their motivational doctrine.

Anonymous Sudan claims its motivation against the West is due to interference in Sudanese political affairs, but most security insiders are convinced the group is either operated by Russian sympathizers or backed by the Russian government – possibly explaining why NoName would suddenly take up arms with the group.

NoName and the West

NoName first hit the hacking scene right around the start of the Russian invasion of Ukraine.

Since then, the gang has mainly set its sites on NATO member nations allied with Ukraine, recently targeting critical infrastructure in Poland, Denmark, and Lithuania, the French parliament, and nearly a dozen attacks on Switzerland’s financial and aviation sectors this month.

Some of the largest European ports in Italy, Germany, Spain and Bulgaria were hacked by NoName on June 16.

In January, NoName was discovered advertising cryptocurrency payouts to volunteer hackers in exchange for joining in on the group’s distributed denial-of-service (DDoS) attacks, which overload a website with traffic requests, causing it to crash.

Around the same time, the group was able to take down at least half a dozen websites belonging to the 2023 Czech presidential election candidates, causing chaos just days before the elections were scheduled to begin.