Hackers have stolen nearly $1 million from a Russian bank after breaching its network by targeting an outdated router at a regional branch.
Russian financial institution PIR Bank has been looted by the infamous MoneyTaker hacking group, according to a Moscow-based cybersecurity firm called in by the bank for an incident response. Local reports reveal that PIR Bank lost around $920,000 from their correspondent account at the Bank of Russia, with Group-IB describing this as a “conservative estimate”.
Specifically, funds were stolen on July 3 through the Russian Central Bank’s Automated Workstation Client (an interbank fund transfer system that is similar to SWIFT), transferred to 17 accounts at major Russian banks before they were cashed out.
A forensic analysis had the cybersecurity firm study infected workstations and servers at the banks to collect digital evidence that directly implicates the tools and techniques associated with similar attacks in the past from MoneyTaker.
The targeted router had tunnels enabling the attacker to gain direct access to the bank’s local network, Group-IB said. This particular approach has been used by the same hacking group at least three banks while attacking banks with regional branches of banks, the cybersecurity firm added.
“On the evening of July 4, when bank employees found unauthorized transactions with large sums, they asked the regulator to block the AWS CBR digital signature keys, but failed to stop the financial transfers in time,” Group-IB revealed. “Most of the stolen money was transferred to cards of the 17 largest banks on the same day and immediately cashed out by money mules involved in the final stage of money withdrawal from ATMs.”
While the hackers attempted to erase logs and hide evidence of their attack by wiping off their tracks, a forensic analysis gathered enough digital evidence to implicate the suspected hackers. MoneyTaker has also been implicated in 16 attacks in the United States, five attacks on Russian banks and one attack on a banking software company in the UK. On average, the damage caused by one attack in the United States amounted to $500,000.
Image credit: Pixels.