The Russian Federal Security Service, also known as the FSB, has accused what it has called "foreign special services" of plotting to launch a major cyberattack against the country's financial system on Sunday (5 December 2016). In a statement posted to its website on Friday (2 December), the domestic security agency said large-scale cyberattacks were being planned in order to destabilise major banks in "several dozen Russian cities". It did not name which nations it believes are involved in the scheme.
The servers and "command and control centres" for the cyberattack are located in the Netherlands and registered to a Ukrainian hosting firm called BlazingFast, the FSB asserted.
"[The attack was] planned to be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature in relation to a crisis in the credit and banking system in Russia [including] bankruptcies and license withdrawals," the statement said.
It added: "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."
According to Reuters, Russia's central bank said it was aware of the cybersecurity threat and claimed to be in "constant contact" with the FSB. "The situation is under control. Banks have been given necessary guidance," a spokesperson said.
Meanwhile, the director the BlazingFast, Anton Onoprichuk, told Reuters the FSB had not yet been in contact with his hosting service. He said he is awaiting further information but indicated he would be willing to investigate further. When asked if his business could be exploited to stage such an attack, he said: "Technically it is possible. It is possible with any hosting company, where you rent a server. You can attack whatever [you want] from it, and in 99% of cases it will become known only after the event."
In a separate interview, Onoprichuk told Bloomberg: "We will conduct an internal investigation, but it will take a lot of time, as it's like looking for a needle in a haystack. That's why I can neither confirm nor deny this information at the moment."
The FSB statement comes less than a month after five major banks in Russia were hit with a series of distributed-denial-of-service (DDoS) attacks. Sberbank, the country's largest state-controlled bank, alongside with four other financial intuitions, were partially disrupted at the time.
Russian security firm Kaspersky Lab said that at the height of the attack, roughly 660,000 web requests were being sent every second using a hijacked network of at least 24,000 Internet of Things (IoT) devices from the US, India, Taiwan and Israel.
For months, tension between the US and the Kremlin has escalated. In July, multiple cybersecurity firms revealed analysis suggesting that two Russia-linked hacking groups, APT28 and APT29, had targeted the computer networks of the Democratic National Committee.