Československá obchodní banka (CSOB) Details

    Organization Logo

    Československá obchodní banka (CSOB)

    Prague8698 employees • Financial Services

    https://www.csob.cz/
    Czech Republic

    Industry

    Financial Services

    Security Incidents

    1

    Československá obchodní banka (CSOB) is one of the leading financial institutions in the Czech Republic and Slovakia. Founded in 1964, the bank was initially established to facilitate foreign trade transactions for Czechoslovak enterprises. Following the Velvet Revolution and subsequent split of Czechoslovakia, CSOB adapted its operations to serve a broader range of financial services, including retail banking, corporate banking, insurance, and investment services.

    Throughout its history, CSOB has achieved several notable milestones, including its successful privatization in 1999 when the Be...
    Show more

    Security Incidents

    Československá obchodní banka (CSOB) Breach of Nov 2023
    Severity Score
    Low to Moderate

    Type

    Malware Attack

    Summary

    In early November 2023, mobile users in the Czech Republic became the targets of a sophisticated phishing campaign that exploited Progressive Web Applications (PWAs) to steal banking credentials. The campaign focused on users of Československá obchodní banka (CSOB), Hungary's OTP Bank, and an unnamed Georgian bank. Attackers tricked users into installing PWAs that closely mimicked legitimate banking apps, bypassing traditional security warnings on both iOS and Android devices.

    The phishing attempts were spread through automated voice calls, SMS messages, and social media ads. These messages d...
    Show more

    Severity

    The phishing campaign in early November 2023 that targeted mobile users in the Czech Republic exhibited a high level of sophistication by exploiting Progressive Web Applications (PWAs) to steal banking credentials from CSOB, OTP Bank, and an unnamed Georgian bank customers. The attackers used a multi-faceted approach, including voice calls, SMS, and social media ads, to trick users into installing malicious PWAs that bypassed traditional security warnings. The involvement of at least two distinct threat actors, the use of command-and-control infrastructure for exfiltration of credentials, and ...
    Show more

    Impact

    In a recent novel phishing campaign targeting mobile users predominantly in the Czech Republic, threat actors employed Progressive Web Applications (PWAs) to steal banking credentials by bypassing traditional security protections. The campaign affected users of Československá obchodní banka (CSOB), Hungarian OTP Bank, and a Georgian Bank. No significant data breach has been reported in terms of customer data exposure; instead, the attack focused on credential theft.

    These phishing attacks did not take any systems or services offline, nor is there evidence of internal company data or intellect...
    Show more