A previously unknown ring of Russian-language hackers has stolen as much as $10 million from U.S. and Russian banks in the last 18 months, according to a Moscow-based cyber-security firm that runs the largest computer forensics laboratory in eastern Europe.
The hackers, who also breached a U.K. software and service provider, are now probing institutions in Latin America and may be trying to compromise the Swift international bank messaging service, according to the security firm, whose clients range from Russia’s biggest lender Sberbank PJSC to Raiffeisen Bank International AG. “Criminals have changed tactics and are now focusing on banks rather than their clients, as was standard operating procedure in the past,” Dmitry Volkov, the head of Group-IB’s cyber intelligence department, said by phone.
Since its first successful breach in May 2016, MoneyTaker has stolen from banks in New York, California, Utah and Moscow, primarily targeting smaller institutions with limited cyber defenses, Group-IB found.
The average haul from U.S. banks was about $500,000, and it stole over $3 million from three Russian lenders.
Group-IB said the U.S. banks were targeted by gaining access to their card-processing system and then opening accounts at the compromised institutions.
Russia is all over the internet, using it for everything from stealing money, to geopolitical operations, to stealing intellectual property, and more. Do not expect the Russians to cease anytime soon considering how lucrative, and inexpensive it is to use cyber for these attacks