How hackers stole billions from Russian banks in just seconds

After three years of inactivity, a Russian hacking group reappeared to steal a large amount of money from multiple banks by compromising an automated workstation operated by a Bank of Russia customer. This attack was detailed by Group-IB experts in their latest report on security threats against financial institutions.

This group, identified as MoneyTaker, had last been detected in mid-2018, operating an attack that resulted in losses of more than 58 million rubles from the affected bank, whose license was revoked by authorities after the incident.

Although investigators did not reveal the name of the bank affected in this latest attack or the amount stolen, a source close to the Central Bank claims that the losses could amount to 500 million rubles and that a smaller bank was also affected.

A spokesman for the Central Bank confirmed that the institution is aware of the incident and that measures are already being taken to collect information about the attack.

In more detail about the heist, Group-IB says it all started in mid-2020, when a physical device installed on a network affiliated with the affected bank was compromised. The threat actors then gained access to the banking network, a task that took about a month; over the following six months, the hackers scanned the network using various tools, including remote access software, credential harvesters, and more.

The final stage of the attack began in January 2021, when the hackers gained full access to Russia's interbank transfer system, as well as to the digital keys used to sign payments that pass through the Central Bank.

Dmitry Volkov, CEO of Group-IB, adds that there is a risk of such attacks being repeated, in a pattern reminiscent of the wave of attacks between 2017 and 2018 that generated millions of rubles in losses. The researcher believes that on this occasion everything was facilitated by significant shortcomings in the cybersecurity of Russian banks, together with the absence of requirements imposed by regulators.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.