Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS incidents

One of Ukraine’s most popular online banks, Monobank, was targeted by a distributed denial-of-service (DDoS) attack over the weekend — the latest in an ongoing wave of incidents against Ukrainian financial institutions.

According to the company’s CEO, Oleh Horokhovskyi, the bank faced its largest attack ever, with 580 million service requests over three days. During DDoS attacks, hackers attempt to disrupt the regular operation of an online service by overwhelming it with a flood of junk internet traffic.

The attacks on Monobank persisted from Friday to Sunday. The bank, which only serves customers through a mobile app, did not specify if the incident affected operations. Monobank users interviewed by Recorded Future News reported no issues with the bank’s app or virtual banking cards.

Horokhovskyi called Monobank “one of the most attacked” IT targets in Ukraine. “DDoS attacks are just non-stop,” he said.

Monobank did not respond to an inquiry about the potential hacker group behind the latest attack. Horokhovskyi also declined to comment further. Larger organizations have faced much more intense DDoS incidents, including a spate against U.S. tech giants in August.

A previous attack on Monobank occurred earlier in December, on the same day when Russian state hackers shut down Ukraine’s largest telecom operator, Kyivstar, leaving millions of its subscribers without cellular network and internet coverage for days. At that time, Monobank said that it quickly resolved the incident.

Monobank would be a logical target for Russian threat actors. It is frequently used by Ukrainians to raise donations for the military. The bank made it quite simple for users — all they have to do is create a virtual wallet and share it directly to their Instagram story for others to contribute.

Russia-linked hackers are also targeting other Ukrainian financial institutions. In December, Ukraine's computer emergency response team, CERT-UA, warned about cyberattacks by the hacker group tracked as UAC-0006, which mostly focuses on the Ukrainian financial industry.

This group has been active since 2013 and is known for using malware to steal money from Ukrainian enterprises. It is not clear if it's a state-sponsored threat actor or a financially motivated group.

Monobank hasn’t reported any cyberattacks recently other than DDoS incidents. In December, the company initiated its first bug bounty program as a protective measure against more advanced threats. Bug bounty programs pay awards to security researchers — also known as ethical hackers — who find and report vulnerabilities.

Participants in Monobank's bug bounty had to verify their identity using Ukraine’s e-government app to “weed out” potential Russian hackers, Monobank’s chief information officer told Forbes Ukraine.

Participants identified two high-severity flaws and several less serious bugs in Monobank’s systems, the company said. No critical security vulnerabilities were uncovered.