Posted on December 13, 2017 at 10:29 AM
A group of Russian hackers has stolen $10 million from 18 banks in the US, Russia and the UK.
A Moscow-based security firm, Group-IB, revealed earlier this week that a group of Russian hackers has been covertly stealing millions of dollars from banks in Russia and the United States. According to the firm, the hackers have so far pocketed nearly $10 million in an almost two-year campaign targeting interbank transfer systems. Until recently they had gone undetected.
The first attack was launched a year and a half ago. According to Group-IB, the campaign targeted ATMs in Russia and the US. It is still ongoing, and the firm believes South American banks could be targeted next.
The very first attack, in March 2016, targeted First Data’s (FDC.N) STAR network. In its 36-page report, Group-IB described this as the largest network of its kind in the US, connecting ATMs to more than 5,000 financial institutions.
Since the disclosure, First Data has released a statement confirming that several small financial institutions that use the STAR network experienced security breaches connected with debit-card issuance in the first few months of 2016. This led the firm to introduce new security policies. First Data maintained that its own internal systems were never breached.
Group-IB added that it is investigating several incidents in which the hackers, having gained access to banks’ internal systems, studied how money transfers are made over SWIFT. It did not say whether any of these attempts led to fraudulent transfers.
According to SWIFT, the hackers were still actively probing its interbank messaging system in October. However, since the 2016 theft of $81 million from Bangladesh Bank, SWIFT has implemented stricter security controls, and it says these have so far kept the group from compromising the system.
Group-IB has dubbed the group “MoneyTaker”, after the eponymous tool it uses to intercept and alter payment orders once inside a bank’s network. After an order has been hijacked, cash mules withdraw the money from the targeted ATMs and deliver it to the hackers.
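The attack pattern described above, an intruder inside the bank rewriting payment orders in transit, is easiest to reason about with a toy model. The following is an added example written for this page; it is not MoneyTaker’s tool, not Group-IB’s code, and not any bank’s real payment system. The order format, field names, the shared key and the sample orders are all constructed assumptions. It shows how an attacker who can reach the channel between the originating system and the payment engine alters a beneficiary and an amount, and two independent checks that catch it: a MAC over the order’s canonical fields, and an out-of-band reconciliation of what was originated against what was received.

```python
"""Toy model of payment-order tampering and two defensive checks.

Added example for this page. Everything here (formats, keys, sample data)
is constructed for illustration and is not taken from the article or from
Group-IB's report.
"""
import hashlib
import hmac
import json

# Assumption: a key shared only by the originating system and the payment engine,
# so an intruder on the network path between them cannot re-sign altered orders.
SHARED_KEY = b"demo-shared-key-not-for-production"

PROTECTED_FIELDS = ("order_id", "debtor", "creditor", "amount", "currency")


def canonical(order):
    """Serialize the protected fields deterministically so MAC input is stable."""
    fields = {k: order[k] for k in PROTECTED_FIELDS}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_order(order, key=SHARED_KEY):
    """Originating system attaches an HMAC-SHA256 over the protected fields."""
    signed = dict(order)
    signed["mac"] = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return signed


def verify_order(order, key=SHARED_KEY):
    """Payment engine recomputes the MAC; constant-time compare avoids leaks."""
    expected = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, order.get("mac", ""))


def tamper(order, new_creditor, new_amount):
    """Attacker model: rewrite beneficiary and amount on the wire, keep the old MAC."""
    altered = dict(order)
    altered["creditor"] = new_creditor
    altered["amount"] = new_amount
    return altered


def reconcile(originated, received):
    """Out-of-band check: compare what was originated with what the engine received.

    Flags any received order whose protected fields differ from the originating
    record or whose MAC fails. This catches changes even if the MAC key leaked
    and the attacker re-signed, because the comparison uses the originator's copy.
    """
    by_id = {o["order_id"]: o for o in originated}
    flagged = []
    for r in received:
        o = by_id.get(r["order_id"])
        if o is None or not verify_order(r) or canonical(o) != canonical(r):
            flagged.append(r["order_id"])
    return flagged


def sample_orders():
    """Constructed sample data; amounts are strings to avoid float rounding."""
    return [
        {"order_id": "PO-0001", "debtor": "ACCT-100", "creditor": "ACCT-200",
         "amount": "12500.00", "currency": "USD"},
        {"order_id": "PO-0002", "debtor": "ACCT-101", "creditor": "ACCT-201",
         "amount": "48000.00", "currency": "USD"},
        {"order_id": "PO-0003", "debtor": "ACCT-102", "creditor": "ACCT-202",
         "amount": "3100.00", "currency": "USD"},
    ]


def demo():
    """Originate three orders, tamper with one in transit, return the flagged IDs."""
    originated = [sign_order(o) for o in sample_orders()]
    on_the_wire = list(originated)
    on_the_wire[1] = tamper(on_the_wire[1], "MULE-ACCT-777", "950000.00")
    return reconcile(originated, on_the_wire)


if __name__ == "__main__":
    print("flagged orders:", demo())
```

The MAC alone is enough against an attacker who can only rewrite messages on the path; the reconciliation step is what still works when the attacker has the same access as the originating system, which is the situation the article describes, since the group was operating from inside the banks’ networks with stolen internal documentation.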
According to Group-IB, the hackers targeted 15 US banks, two Russian banks, and one bank based in the UK. In addition, the hacking group targeted a law firm and several financial software companies.
On average, the hackers stole $500,000 per attack in the US and $1.2 million per attack in Russia. One Russian bank, however, detected the attack in progress and managed to recover some of the stolen money.
MoneyTaker also managed to steal sensitive information from OceanSystems’ Fed Link which is used by over 200 different banks located in the US and South America. In addition, the hacking group infiltrated and compromised the Russian interbank messaging system, AW CRB.
According to Group-IB, once inside a targeted bank’s network the hackers also stole internal bank documents to prepare future attacks. They kept up covert espionage against their Russian targets, and one US target reported having its documents stolen repeatedly.
Group-IB is currently working with Europol and Interpol to pursue and arrest the responsible individuals behind MoneyTaker.
The hackers used an eclectic mix of techniques to evade antivirus and anti-malware detection. By constantly updating their tools and promptly erasing their tracks, they were able to operate completely undetected for the last 18 months.