Russian hackers stole millions from banks, ATMs

Status
Not open for further replies.

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals

Group-IB and Fox-IT, in a joint research effort, released a report about the Anunak hackers group. This group has been involved in targeted attacks and espionage since 2013.

Anunak targets banks and payments systems in Russia and CIS countries. In Europe, USA and Latin America criminals were mainly focusing on retail networks as well as mass media resources.

Anunak is unique in the fact that it aims to target banks and e-payment systems. The goal is to get into bank networks and gain access to secured payment systems. As a result, the money is stolen not from the customers, but from the bank itself. If they manage to infect governmental networks, they use the infrastructure for espionage.

When malefactors gain access to internal networks, they have total control over computers of system administrators and IT-specialist, record videos of key workers actions to understand how the work is organized. They then take control over e-mails to monitor internal communications and set up remote control to the network by changing its hardware parameters.

Experts discovered that hackers had access to cash machines management systems and could remotely infect them with malware for the purpose of getting money from them upon attackers request in the future.

In the report, Group-IB and Fox-IT describe in detail the methods and software that were used by hackers, and the methods and tools that can be used to protect networks and counter targeted attacks.

“We have seen criminals branching out for years, for example with POS malware,” says Andy Chandler, Fox-IT’s SVP and general manager. “Anunak has capabilities which pose threats across multiple continents and industries. It shows there’s a grey area between APT and botnets. The criminal’s pragmatic approach once more starts a new chapter in the cybercrime ecosystem.”

Some of the report’s key takeaways:
  • Average theft in Russia and CIS countries for this group is 2 million US dollars.
  • Anunak group had access to more than 50 Russian banks, 5 payment systems, 16 retail companies. Most of retail companies are outside of Russia, while not a single US/EU bank has been attacked.
  • As of now around 17 million dollar (over 1 billion rubles) has been stolen by the group, most of that during the last 6 months.
  • Average time from the moment the group gains access to internal network till the money is stolen equals 42 days.
  • Today, the Anunak group is still in operation which is why Group-IB and Fox-IT forecast an increase in the number of targeted attacks in 2015.
 
  • Like
Reactions: Janl92l and Kent

Janl92l

Level 7
Verified
Nov 7, 2014
339
Nice. Hate the banksystem anyway. Just criminal itself with evil peoples. Well done,would do the same.
 
  • Like
Reactions: darko999

delco90210

Level 1
Verified
Apr 1, 2014
17
why oh my god i am buy on russian site a game and my payment go to in hacker account oh my gosh thanks for the news i am call my bank tomorrow
 

donetao

Level 20
Verified
Sep 7, 2014
968
I have had at least 3 Russian IP addresses blocked by MBAM Pro. The internet is getting crazy and will only get worse.
Cyber crime is on it's way. A easy way for criminals to make their living!! Hang on, it will only get worse!
We can only surf safe and support forums like Malware Tips. It's bad enough for the criminals and trouble makers to infect our PC's; now they want to steel from us! If you don't have a program like MBAM Pro that blocks malicious IP's you are vulnerable to these hackers.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top