Search This Blog

Russian Sberbank: Facing Massive Waves of DDoS Attacks

The malicious traffic that supported the attack against Sberbank's main website was generated by a botnet with 27,000 compromised devices.


Sberbank, Russia's banking and financial services company, has been the target of unprecedented hacking attacks. The bank was hit by the largest distributed denial-of-service (DDoS) attack in its history earlier this month. Thousands of internet users have been targeting Sberbank in recent months, according to Sergei Lebed, vice president and director of cybersecurity at Sberbank, who spoke to the audience at the Positive Hack Days conference. 

Sberbank is Russia's largest financial institution and Europe's third-largest, with total assets exceeding $570 billion. Following Russia's invasion of Ukraine, the entity was among the first to be sanctioned, and its operations on the European continent have been severely limited as a result. Since the beginning of the crisis in February, hackers aligned with Ukraine have targeted Sberbank. 

This action, according to the bank, is ongoing. waves of agressive attacks Sberbank claims to have repelled the most significant DDoS attack it has ever witnessed on May 6, 2022, with a rate of 450GB/sec. DDoS assaults deplete resources, making online services inaccessible to clients, causing business interruption and financial losses. 

A botnet with 27,000 compromised devices in the United States, the United Kingdom, Japan, and Taiwan generated the malicious traffic that enabled the attack against Sberbank's main website. According to Lebed, fraudsters employed various strategies to carry out this cyberattack, including code injections into advertising scripts, malicious Chrome extensions, and DDoS-wielding Docker containers. 

As per Lebed, they have detected over 100,000 internet users hitting them in the last few months, with 46 simultaneous DDoS attempts on various Sberbank services reported in March. Many of these attacks took advantage of online streaming and movie theatre traffic, a strategy used by pro-Russian threat groups against critical Ukrainian websites. Visitors' web browsers run carefully constructed code found in injected scripts, which generates a large number of requests to certain URLs, in this example under Sberbank's domain. 

"Today, the bank faces cyberattacks around the clock. Sberbank's Security Operation Center analyzes cyber threats 24/7 and promptly responds to them," stated Sergei Lebed/

"However, when it comes to companies in other sectors, most of them have never encountered anything like this before and may suffer damages," cautionedSberbank's vice president.

DDoS attacks of this magnitude are likely to persist as long as geopolitical tensions create a polarised atmosphere, and as Sberbank's announcement concludes, they may decrease in number but increase in power. This is consistent with Radware's research from yesterday, which detailed a 36-hour 1.1 Tbps DDoS attack on a US service provider, indicating that threat actors are becoming significantly more capable even compared to last year.
Share it:

Cyber Attacks

DDOS Attacks

Mallicious Attacks



Web Traffic