https://arstechnica.com/information-...rs-10-million/

A previously undetected hacker group has netted around $10 million in heists on at least 20 companies, in some cases by targeting the networks banks use to transfer money, a Moscow-based security firm said Monday.

Members of the MoneyTaker group, named after a piece of custom malware it uses, started their heist spree no later than May 2016. That's when the group penetrated an unnamed US bank, according to researchers with Group-IB in a report titled "MoneyTaker: 1.5 Years of Silent Operations." The hackers then used their unauthorized access to control a workstation the bank used to connect to the First Data STAR Network, which more than 5,000 banks use to transact payments involving debit cards.

MoneyTaker members also targeted an interbank network known as AWS CBR, which interfaces with Russia's central bank. The hackers also stole internal documents related to the SWIFT banking system, although there's no evidence they have successfully carried out attacks over it.

Last year, online criminals used stolen SWIFT account credentials to steal $81 million from a bank in Bangladesh. Group-IB said the amount of information MoneyTaker has amassed on the STAR, SWIFT, and AWS CBR networks raised the possibility that the group may be planning more heists that target the interbank payment systems.

"A number of incidents with copied documents that describe how to make transfers through SWIFT are being investigated by Group-IB," company officials said in a statement. "Their contents and geography indicate that banks in Latin America may be targeted next by MoneyTaker."