Main Banks Non-banking financial sector Cyber fraud
CSIRT-NBU Services

The Cyber Incident Response Team in the Banking System of Ukraine (CSIRT-NBU) offers banks the following services:


1. Incident Response

CSIRT-NBU assists its constituency in handling the technical aspects of cyberincidents. It includes incident report acceptance, technical data analysis and assistance, incident management coordination

  • Incident Report Acceptance

  • Incident Analysis

  • Incident Response Support

  • Incident Response Coordination

Proactive Risk

2. Proactive Risk Monitoring

CSIRT-NBU offer proactive risk monitoring service, including intelligence on current cyber threats and potential vulnerabilities, collecting information from various sources, researching and analysing data

  • detection of phishing domains

  • detection of data leakage

  • detection of compromised data of bank users' and customers' accounts

  • monitoring of potential vulnerabilities


3. Information services

Service of informing banks about current cyber threats and vulnerabilities, measures to counter cyber attacks and security measures necessary to protect customer information systems


Information exchange and interaction in responding to cyber incidents/cyber attacks is carried out in accordance with the requirements of the Procedure for Information Exchange between Ukrainian Banks and the Cyber Security Centre of the NBU on cyber defence and is carried out through:


The portal of the Cyber Security Centre – is a specialised website of the NBU designed to organise interaction and provide services by the Cyber Security Centre. For authorised connection to the portal of the Cyber Defence Centre, you need to register in accordance with the Connection Procedure.


MISP-NBU – is a specialised website of the NBU built on the basis of the MISP open source platform for the joint exchange of information on malware and cybersecurity threats. For authorised connection to MISP-NBU, you need to complete the registration procedure in accordance with the Connection Procedure.


Corporate messenger – a special system for the exchange of information messages between the participants of the information exchange. For an authorized connection, you need to go through the registration procedure in accordance with the Connection Procedure.


E-mail – for the exchange of information messages, the Cyber Security Centre uses the following e-mail accounts:


[email protected] – for the exchange of technical information.


[email protected] – for the exchange of information of a general organisational nature.

Training and

4. Training and education

CSIRT-NBU provides service for conducting trainings and educational sessions to raise awareness and understanding in the field of cyber defence, cyber incident response, and countering current cyber threats.