Pro-Russian Hacktivists Preparing Cyber Attack on Western Financial Systems

Several pro-Russian hacktivist groups have declared that they plan to launch a large-scale cyber attack on the Western financial system within the next 48 hours.

The three primary groups, KillNet, REvil and Anonymous Sudan, have formed an alliance to prepare and launch a large cyber attack.

The alliance reportedly plans to carry out a distributed denial of service (DDoS) attack against the SWIFT wire transfer system. SWIFT is a widely used international messaging network over which banks settle money transfers securely. Should the attempt be successful, severe disruptions to international payments would be expected.

The hacktivists have also declared that, in addition to SWIFT, there are other active targets: European and US banks as well as the US Federal Reserve system.

REvil is a highly skilled Russian cyber criminal group that has been responsible for several high-profile attacks on organisations worldwide. Their primary method of attack is ransomware; their most recent successful attack was on one of Australia's largest private medical insurance companies, Medibank. Data was stolen from Medibank and has since been released on the dark web, which has severely damaged the reputation of the company.

The second threat actor group involved, KillNet, is also a pro-Russian hacker group, to which DDoS attacks against government and private companies across several countries have been attributed. Attacks from KillNet have increased since the Russian invasion of Ukraine. More recently, they have been targeting the healthcare system in the US.

The final group involved, Anonymous Sudan, uses attack techniques similar to KillNet's, namely DDoS. Anonymous Sudan has not been heavily involved with the alliance; however, a Telegram page purportedly belonging to the threat group has declared that they, KillNet and REvil are united in conducting a large-scale attack to "paralyse SWIFT" and attack the Western financial system.

Anonymous Sudan recently claimed responsibility for the large DDoS attack that severely disrupted customers on the Azure platform between 15:10 and 17:10 UTC on 09 June 2023.

ITC-TI analyst comment:
  • Ensure patches are applied to all systems as soon as possible, so that hostile vulnerability scans find nothing to exploit.
  • Implement a perimeter firewall to block unauthorised traffic before it can reach internal systems or contribute to a DDoS attempt.
  • Disable ICMP on public-facing interfaces so that floods of ping requests cannot be used to create a DDoS-style overload.
  • Scale up bandwidth so that the network can absorb unusually large volumes of requests without crashing.
  • Segregate the network so that a distributed attack cannot complete, because requests are unable to reach the internal devices.
  • Place network devices behind a load balancer so that high volumes of traffic can be spread across different network paths.
  • Close all non-standard ports and apply a restrictive policy to devices from both a firewall and an antivirus standpoint.
  • Ensure conditional-access and network-access policies are in place to prevent any unauthorised access.
  • Implement a reverse proxy that conceals the IP address of the origin server.
  • Implement and maintain policies based on anomaly-behaviour technology that enforce actions, such as blocking abnormal traffic to public-facing devices, in order to stop DDoS attempts; this is achievable through EDR tools.
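As an added example (not from the ITC-TI brief or any of the tools it names), the last recommendation in code form: a sliding-window, per-source request-rate monitor that flags abnormal traffic on a public-facing web service so a blocking action can be enforced. The access-log lines are constructed, and the window, baseline and multiplier are assumed values a defender would tune to their own traffic.

```python
# Added example: per-source request-rate anomaly detection over access logs.
# Log lines are constructed; WINDOW, BASELINE_RPS and MULTIPLIER are assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # sliding window length (assumed)
BASELINE_RPS = 2.0               # normal per-client requests per second (assumed)
MULTIPLIER = 5                   # flag a source at 5x baseline within the window

def parse_line(line):
    """Parse a minimal access-log line: '<ip> [<ISO timestamp>] "<request>" <status>'."""
    ip, rest = line.split(" [", 1)
    ts, _ = rest.split("] ", 1)
    return ip, datetime.fromisoformat(ts)

def detect_floods(lines, window=WINDOW, baseline=BASELINE_RPS, mult=MULTIPLIER):
    """Return {ip: timestamp} for sources that exceed the rate limit.
    A deque per source holds only the timestamps inside the sliding window."""
    recent = defaultdict(deque)
    flagged = {}
    limit = baseline * window.total_seconds() * mult   # max requests per window
    for line in lines:
        ip, ts = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts              # first moment this source crossed the limit
    return flagged

def sample_log():
    """Constructed sample: 203.0.113.7 sends 120 requests in 6 s (one every 50 ms),
    while two other clients make one request per second."""
    base = datetime(2023, 6, 9, 15, 10, 0)
    lines = []
    for i in range(120):
        t = (base + timedelta(milliseconds=50 * i)).isoformat()
        lines.append(f'203.0.113.7 [{t}] "GET / HTTP/1.1" 200')
    for i in range(12):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f'198.51.100.4 [{t}] "GET /login HTTP/1.1" 200')
        lines.append(f'192.0.2.9 [{t}] "GET /api HTTP/1.1" 200')
    return sorted(lines, key=lambda l: parse_line(l)[1])

if __name__ == "__main__":
    for ip, when in detect_floods(sample_log()).items():
        print(f"block {ip}: exceeded {MULTIPLIER}x baseline at {when.isoformat()}")
```

With the assumed values the limit is 100 requests per 10 s window, so only the flooding source is reported, at its 101st request; the two normal clients never approach it.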
