Credible cyber threat intelligence sourced from a KillNet Telegram account with 104K subscribers indicates that three cybercriminal groups (KillNet, REvil, and Anonymous Sudan) are planning a cyber attack on the European banking and financial system. The threat actors aim to disrupt economic and financial stability based on their shared anti-Ukraine ideology.
As of 06/16/23 at 6:56 ET, the group doubled down on the threat. They plan to "repulse the madmen" according to the formula of "no money - no weapons - no Kyiv regime."
"72 hours ago, three heads of hacker groups from Russia and Sudan held a regular meeting in the DARKNET parliament, and came to a common decision:
× SOLUTION №0191
- Today we are starting to impose sanctions on the European banking transfer systems SEPA, IBAN, WIRE, SWIFT, WISE."
Entities Named in the Threat
SEPA (Single Euro Payments Area): SEPA is a European Union initiative that regulates electronic payments in euros. With SEPA, countries within the EU and a few others can make cross-border payments as easily as domestic ones. It covers credit transfers, direct debits, and card payments.
IBAN (International Bank Account Number): IBAN is an internationally agreed-upon system of identifying bank accounts across national borders with a reduced risk of transcription errors. It plays a crucial role in the data accuracy of international money transactions.
WIRE Transfer: A wire transfer is an electronic transfer of funds across a network administered by hundreds of banks and transfer service agencies worldwide. It is a fast and reliable method of transferring money from one person or entity to another.
SWIFT (Society for Worldwide Interbank Financial Telecommunication): SWIFT is an international, member-owned cooperative providing secure financial messaging services. It's a vast network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized, and reliable environment.
WISE (formerly TransferWise): Wise is a British financial technology company offering cheap, fast, secure international money transfers. The platform uses mid-market exchange rates to help users avoid traditional banking fees. It is known for its transparent fee structure and ease of use.
Threat Actors Involved in the Current Threat
KillNet: Infamous for breaching the security of major defense corporation Lockheed Martin last August and leaking sensitive information about Federal Bureau of Investigation (FBI) agents.
REvil: Known for multiple high-profile attacks, including the theft of Apple's future product plans, a widespread attack on Texas local governments, and an assault on JBS, the world's largest meat supplier.
Anonymous Sudan: A group believed to be part of the wider Anonymous collective. Their past involvement suggests a potential for significant technical expertise and disruptive capability.
Immediate Recommended Actions
Increase Threat Monitoring: Augment external threat monitoring by directly tracking the source Telegram account and any other Telegram sources for new posts with DigitalStakeout's Profile Tracker. Profile Tracker will enable you to track specific information sources in one place.
Alert Staff and Stakeholders: It is vital that all relevant personnel and stakeholders are made aware of the active cyber threat from this group. Initiate communication detailing the nature of the threat, the threat actors involved, and the possible implications of a successful attack. Encourage staff members to maintain heightened vigilance. Explain the importance of closely observing any anomalies, and immediately reporting suspicious activities. Inform relevant stakeholders of the threat. This can include partners, customers, and suppliers who may be indirectly affected by an attack on your organization.