Bringing down the European banking system, the new bluff of pro-Russian hackers

Are European banks really under threat? Friday, June 16, a coalition of pro-Russian hackers made up of the groups Killnet, Anonymous Sudan and REvil announced the launch of a series of attacks once morest international banking transaction systems. In a video uploaded two days earlier on a Telegram channel, they had threatened to bring down the European financial system within 48 hours.

Appearing masked to the camera, these “hacktivists” [terme qui désigne des hackers activistes, ndlr] take up a whole series of stereotypes in their staging: frightening silhouette, saturated colors, music worthy of an American blockbuster and explosive phrases. They threaten to implement the destruction of the European banking system ”, and warn that it is more than a simple “ warning ».

A publicity stunt more than a real danger

But even if the threats from hackers were to prove serious, the solidity of Western banking transaction systems would represent far too great an obstacle for these groups. ” These groups do not have the technical capacity to achieve what they claim “, explains to the Tribune Maxime Arquillère, cyber threat analyst at Sekoia. The expert recalls that if ” any attack remains to be monitored “, he does not expect a large-scale attack ” in any case at the height of what they claim ». « International financial transaction systems are extremely robust, and are far from being within the reach of activist groups like we have here. insists Maxime Arquillère.

As often, the threats would be less of a real danger than a communication stunt. The expert speaks of a ” announcement effect “, which aims to “ carry the Russian narrative and criticize Western support for Ukraine “. In other words, even if European cybersecurity agencies remain alert to this type of threat, they are not overly concerned regarding their potential implementation.

Propaganda in response to the Ukrainian counter-offensive

The threats made by the hacktivists come in the context of Ukraine’s major counter-offensive once morest Russia, launched earlier this week. And the individuals who appear in the video use elements of Russian propaganda language. They accuse the Swift network and Western financial infrastructures of being a cornucopia for so-called Ukrainian “Nazism”, which has been repeatedly deconstructed by experts. Their logic: no money, no weapons “. In other words, if they cut European financial flows, they would in turn cut off the supply of arms to the Ukrainian army. Western support has recently accelerated following the green light for the delivery of F16 planes by the West as well as promises of military aid for the launch of the counter-offensive.

If the war in Ukraine is being played above all on the ground, groups of hacktivists are engaged in an information warfare monitored by the authorities. Among them, the historical group Killnet has been particularly active since the beginning of the invasion. It is particularly illustrated by DDoS attacks (by denial of service, in French), which consist in overloading the sites of requests to bring them down temporarily, once morest several Western public institutions. These ” cyberattacks have a very low level of sophistication and cause little or even negligible damage depending on their extent, according to the expert.

The noise of hacktivists, here to stay

On the other hand, their operations attract attention. For example, Killnet managed to disrupt the NATO website in February 2023, causing connection difficulties for a few hours.

Hacked by pro-Russian hackers, the site of the National Assembly blocked

A month later, a new group of supposedly Sudanese hackers claiming to be “Islamist” and “pro-Russian”, named Anonymous Sudan, distinguished itself by a series of similar actions. The collective launched a campaign once morest France and made the sites of several airports temporarily unavailable, giving rise to a DGSI investigation. If both Killnet and Anonymous Sudan are taking part in the Russian war effort, no official link with the Kremlin has been proven, despite the desire of the Russian Parliament at the beginning of the year to give free rein to these groups in officially decriminalizing piracy « if he is patriotic ».

The third member of the coalition is more surprising, since it is REvil. Specialized in destructive ransomware attacks, which consist of paralyzing entire computer systems to demand ransoms, this group usually has purely lucrative objectives, recalls the expert. It had been dismantled by the Russian authorities in response to requests for international cooperation in early 2022, before the outbreak of war, and has reportedly since returned. Unlike his henchmen, REvil has more serious punching power, which has already caused damage to important infrastructure. But the banking system remains a target of a completely different order than its usual victims.