A previously unknown ring of Russian-speaking hackers has stolen as much as $10 million from U.S. and Russian banks in the last 18 months, according to a Moscow-based cyber-security firm Group-IB that runs the largest computer forensics laboratory in eastern Europe.
The MoneyTaker group broke into 20 systems, which includes 15 U.S. lenders, targeting ATMs with “mules” and Russia’s interbank money-transfer system, Group-IB said in a report provided to Bloomberg.
The hackers, who also breached a U.K. software and service provider, are now probing institutions in Latin America and may be trying to compromise the Swift international bank messaging service, according to the security firm, whose clients range from Russia’s biggest lender Sberbank PJSC to Raiffeisen Bank International AG.
“Criminals have changed tactics and are now focusing on banks rather than their clients, as was standard operating procedure in the past,” Dmitry Volkov, the head of Group-IB’s cyber intelligence department, said by phone.
The cell remained undetected by using so-called fileless malware that only exists on a computer’s temporary memory and destroys itself when the system reboots, meaning it’s not permanently stored and therefore can more easily evade anti-virus programs, according to Group-IB. At one bank, the hackers gained access to the network via the home computer of the lender’s system administrator.
Group-IB said the U.S. banks were targeted by gaining access to their card-processing system and then opening accounts at the compromised institutions. The attackers removed limits on the legitimate bank cards and used mules to withdraw cash from ATMs. The virus was so stealthy that, in at least one instance, a bank was successfully robbed twice.
Full article at Bloomberg