$1 million heist on Russian bank started with hack of branch router

by Dan Goodin, from Ars Technica
A prolific hacking group has struck again, this time stealing close to $1 million from Russia's PIR Bank. The July 3 heist came about five weeks after the sophisticated hackers first gained access to the bank's network by compromising a router used by a regional branch.

The theft, which according to kommersant.ru is conservatively estimated at about $910,000, is the latest achievement of a group that researchers at security firm Group-IB call the MoneyTaker group. In a report published last November that first detailed the group, researchers said its members had conducted 20 successful attacks on financial institutions and legal firms in the US, UK, and Russia. In a follow-up report, Group-IB said MoneyTaker netted about $14 million in the hacks, 16 of which were carried out on US targets, five on Russian banks, and one on a banking-software company in the UK.

While MoneyTaker is skilled at concealing its activities, Group-IB was able to connect the heists by tracing a common set of tactics, techniques, and procedures. After initially gaining access to a target's network, members often spend months doing reconnaissance in an effort to elevate system privileges to those of a domain administrator. Members also try to remain active inside hacked networks long after the heists are carried out. The attackers also use a variety of freely available tools popular among hackers and security professionals alike, including the Metasploit exploit framework, Microsoft's PowerShell management framework, and various Visual Basic scripts.
