Hackers net roughly $1m in Russian bank raid

Russian banks have been hit several times by the MoneyTaker hacking gang

A notorious hacking group has struck again, stealing roughly £700,000 ($910,000) from a Russian bank, a cyber-security company reports.

Group-IB was called in to help Russia’s PIR Bank after it spotted the theft, the firm said.

The raid is believed to have been carried out by the MoneyTaker group, which has hit other financial firms.

In 2017 it was suspected of stealing almost £7.5m ($10m) from Russian, British and American companies.

Wide warning

In a report, Group-IB said the money was taken in a series of transfers on 3 July via a machine at the bank to which the group had gained access.

Staff at PIR were able to stop some of the transfers, said Group-IB, but the gang’s quick action to “cash out” using paid helpers or “mules” at ATMs stopped the bank recovering most of it.

Group-IB said the tools and techniques used by the group to infiltrate the bank and lurk on its internal systems were known to have been used by MoneyTaker in other robberies.

The attack began in late May, said Group-IB, and initially focused on a piece of networking hardware known as a router, which the group was able to compromise.

By taking over this router, the group gained access to the bank’s internal network.

Once on the network, the group took time to find the specific machine used to authorize transfers of cash. It then used its knowledge of this system, known as the Automated Work Station Client of the Russian Central Bank (AWS-CBR), to set up the fraudulent transfers.

“Attacks on AWS-CBR are difficult to implement and are not conducted very often, because many hackers just cannot work on computers with AWS-CBR successfully,” said Valeriy Baulin, head of Group-IB’s digital forensics lab.

“A 2016 incident, when MoneyTaker hackers withdrew about $2m using their own self-titled program, remains one of the largest attacks of this kind,” he added.

Information about MoneyTaker’s attack techniques has now been circulated to other Russian banks to help them spot intrusions by the gang, said Group-IB.