Hackers have flooded the dark web with credit card details stolen from Russia’s largest bank as cybercriminals target the country in the wake of the Ukraine invasion.
The card details of 113,476 Sberbank customers have leaked onto the dark web since the conflict began, according to research by data intelligence firm Cyberint, where they are being advertised for sale to fraudsters.
This is almost 10 times the number circulating on illicit websites before the conflict began.
Sberbank has been hit by international sanctions since Vladimir Putin launched his war. Cyber experts said this has made it more vulnerable to hackers because it is easier to con distracted staff into sharing sensitive details.
The Telegraph revealed the British Government’s plan to slap Sberbank with sanctions in February.
Its operations have since gone into sharp decline across Europe. The lender’s Austrian unit was the first Russian financial institution to collapse because of sanctions, and Sberbank is also winding down its investment bank in London.
Hacking collective Anonymous claims to have attacked the Russian lender in the past few days, and it has also experienced major website outages or so-called “DDoS” attacks.
Sberbank said it had fought back against the largest DDoS attack in its history on 6 May.
Professor Alan Woodward, a cyber expert at the University of Surrey, said: “Sberbank is in flux and one of the biggest things that happens with that is socially-engineered attacks on employees. The bank is having to change all sorts of things at the moment, and the people working in the bank will not necessarily be used to it.
“It would therefore be easier for someone to con them out of login details. They can phone up and pretend to be someone else, or send in a phishing email. It’s easier to fool someone in a chaotic situation.
“It’s difficult not to conclude there’s some sort of political motivation behind this as well as it being criminal activity. The huge uptick in leaked card details here shows the hackers are really going for it.”
British banks have been told they could also be targeted by politically motivated cyber attacks. The Financial Conduct Authority (FCA) has written to the chief executives of large lenders to warn them that their businesses are a likely target for attacks in retaliation for sanctions against Russian companies and oligarchs.
Charlie Nunn, the chief executive of Lloyds, has said it is on “heightened alert” for a cyberattack from Russia.
Professor Woodward said: “The National Cyber Security Centre has been very on the ball with all of this, and they’ve been warning that an attack is almost inevitable.
“If a bank gets attacked and these sorts of details are leaked then real people suffer financial losses. We often forget about card fraud, but it’s probably one of the biggest costs in cyber crime.
“All of this is one of the bank’s biggest nightmares. If your card details were lost, you would just take your business elsewhere. The banks hold a lot of highly sensitive information about you – and not just your financial information. You just wouldn’t trust them any more if they lost that.”