Cybersecurity firm identifies group of Russian-speaking hackers who stole $10 million from US and Russian banks
12 December 2017
A top cybersecurity firm said it has identified a group of Russian-speaking hackers who have allegedly stolen at least $10 million from US and Russian banks over the past year and a half.
The previously unknown group, named the "Money Takers" after a software tool they use, allegedly targeted banks across the US and broke into at least 15 lenders in Utah, New York and California. The hackers also stole at least $3 million from Russian banks, according to a report from the Moscow-based cybersecurity firm Group-IB obtained by ABC News.
According to the report, the group also stole materials indicating it might be targeting institutions in Latin America, and could be trying to breach the Swift international banking messaging system, which carries a huge share of the world's financial transactions.
Starting in May 2016, the group mostly targeted card payment systems of small community banks in the US, and later hit a transfer system used between Russian banks, Group-IB said. The report said the hackers focused on small US banks with fewer resources to put into cyberdefences, and succeeded in stealing an average of $500,000 from each.
After breaking into the banks' card payment systems, the hackers would open accounts and remove withdrawal limits on legitimate cards, the report said. So-called 'mules', criminals carrying the cards, would then go to an ATM and take out money, according to Group-IB.
The first attack in 2016 targeted banks in First Data's "STAR" network, the largest US bank messaging system, connecting ATMs at more than 5,000 organisations, Group-IB researchers said in a 36-page report.
First Data said in a statement that a number of small financial institutions operating on the STAR network had had their credentials breached for administering debit cards earlier in 2016, which led First Data to implement new mandatory security controls. It added the STAR network was never itself breached.