A previously undetected group of Russian-language hackers silently stole nearly 10 million dollars from at least 18 mostly United States and Russian banks in recent years by targeting interbank transfer systems, a Moscow-based security firm said.
Group-IB warned that the attacks, which began 18 months ago and allowed money to be stolen from banks’ Automated Teller Machines (ATMs), appeared to be ongoing and that banks in Latin America could be targeted next.
The first attack occurred in the spring of 2016 against banks in First Data’s (FDC.N) “STAR” network, the largest U.S. bank messaging system connecting ATMs at more than 5,000 organisations, Group-IB researchers said in a 36-page report.
It said it was investigating some incidents where hackers studied how to make money transfers through the SWIFT banking system, while stopping short of saying whether any such attacks had been carried out successfully.
The Moscow-based security firm said the hacker group hired “money mules” to pick up money from automated teller machines.
The security researchers said they had identified 18 banks which were hit, including 15 across 10 states in the United States, two in Russia and one in Britain.
“The average amount of money stolen in each of the 14 U.S. ATM heists was 500,000 dollars per incident. Losses in Russia averaged 1.2 million dollars per incident. However, one bank there managed to catch the attack and return some of the stolen funds,” Group-IB said.
Group-IB said it had notified Interpol and Europol in order to assist in law enforcement investigations.
The unidentified hackers used a mix of constantly changing tools and tactics to bypass anti-virus and other traditional security software while being careful to eliminate traces of their operations, helping them to go largely unnoticed.
To disguise their moves, hackers used security certificates from brands such as Bank of America, the Fed, Microsoft and Yahoo, it said.