4 min

Tags in this article

, , , ,

The European Investment Bank (EIB) websites have been offline on Monday evening due to cyber attacks. The attack was claimed via Telegram by KillNet. The hacker group illustrates that the war also takes place digitally.

The European Investment Bank shared in a Tweet yesterday that it was a victim of a cyber attack. As a result, its websites eib.org and eif.org have been inaccessible for several hours.

Although the EIB does not yet want to speculate, KillNet, among others, already claimed responsibility via a Telegram message. The hacker group threatened the European banking sector with disastrous cyber attacks in the middle of last week. It is therefore quite possible that KillNet caused the problem or was partly responsible for it.

Child from the war

An official genesis of a hacker group is not readily available, but KillNet is thought to have formed around March 2022. The formation has everything to do with the war between Russia and Ukraine, with KillNet helping the Russian state wage digital war from a pro-Russian mindset.

In the video distributed last week, they appealed to other hacker groups to bring down the European banking system. “No money, no weapons, no government in Kiev,” the threat sounded. That line was meant to convince hacker groups worldwide to join what they call ‘the project.’ “Nothing will save you, and this is not a warning. I am only informing you. You have never seen such problems before,” the masked man concluded his message. Meanwhile, the name KillNet flashed across the screen several more times.

Should KillNet bring Europe’s banking sector to its knees, it will be the most extensive action it has taken since its inception. Before, the hacker group specialized in DDoS attacks targeting companies and government agencies expressing support for Ukraine. The cyber attack shuts down internet pages through a bombardment of HTTP requests. Likely, this type of attack has made EIB websites inaccessible.

Old acquaintance

The video did not just feature KillNet. The hacker group already found affiliation with another well-known pro-Russian hacker collective: REvil. They appear to be making a comeback tour, after Russian intelligence reported early last year that arrests had completely shut down the collective.

“If God rules Russia, who rules Europe? That’s right, the banking system,” their message aimed at Europe’s banking sector kicks off. “No money, no problems. REvil is sufficiently familiar with the European financial structure. See you soon.”

The REvil which spoke may include members who still held a minor position in the group in 2022. Additionally, the member count will have been further tightened, as a few months after the arrests a blog page surfaced online that was recruiting members.

If we really hear someone from REvil speaking in the video, the hacker group’s modus operandi has gone haywire along with the membership change. In the years they were active, they never announced a cyber attack. Their trademark further revolves around the distribution of ransomware, which already requires more sophisticated hacking skills than a quite simple DDoS attack.

As a hacker, you don’t simply enter the digital walls of a financial institution. These are constantly guarded with the best available security mechanisms and monitored by specialized personnel. According to the December 31, 2022 financial situation, the EIB’s balance sheet total stood at more than 500 billion euros. A lot of money, that you want to keep people with ill intentions far away from.

Darknet Parliament

The last party standing by is Anonymous Sudan. They open the video and appoint themselves as a “direct threat to all European banks.” The hacker group previously managed to launch a DDoS attack on Microsoft’s online services successfully. The Windows creator himself refers to the group as Storm-1359.

The three groups together call themselves the Darknet Parliament. For public communications, KillNet is taking the lead for now. They indicate they target the European bank transfer systems IBAN, WIRE, SWIFT and WISE. In the Darknet Parliament we found mainly knowledge about how to carry out a DDoS attack. This type of attack has likely disrupted EIB websites, but there is a small chance internal systems will be hit. There are currently no indications of a ransomware attack. For that matter, things remain very quiet at the EIB. Besides the message on Twitter, no information has been publicly announced. The institution will likely change that once the attack is resolved and an investigation is launched.

KillNet represents that the war between Russia and Ukraine is not only being fought on the ground. It wants to punish government institutions and companies for supporting Ukraine and wants to do it big this time. However, we should still say with some caution that the hacker group is now putting its money where its mouth is.