A hacker collective took advantage of a security flaw in a Russian bank's obsolete router to steal close to $1 million.
It was through an obsolete router that the hacker collective MoneyTaker took a million dollars from the coffers of PIR Bank. Shortly after the hack, the bank approached a computer security company to assess the damage from the attack. The verdict of the experts at Group-IB, the Russian cyber security company responsible for the investigation, is unequivocal: the attack bears the signature of MoneyTaker.
Indeed, the hackers of the collective left traces behind them, and Group-IB was able to identify them quickly. It must be said that this computer security company is familiar with the methods used by MoneyTaker: last December it revealed the existence of this collective of cybercrime experts, their methods, and their favorite fields of activity.
Unfortunately, this is not the first time that such an attack has occurred on Russian soil. The MoneyTaker collective is, in fact, suspected of being behind two other similar computer attacks. All of them targeted a Russian bank. To carry out their operation, the hackers infiltrated an old, obsolete router in one of the bank's regional subsidiaries. Once the internal network was infiltrated, it was easy to insert several movers and a few PowerShell scripts to search quietly and without arousing suspicion.
The collective had access to the AWS CBR (Automated Work Station Client of the Russian Central Bank) account, which gave them control over all monetary transactions carried out by the bank. MoneyTaker then used the AWS CBR system to transfer funds from the PIR Bank accounts to several Bank of Russia accounts. Created in advance, these accounts were immediately emptied through withdrawals from ATMs located across the country. PIR Bank did not notice the theft until 24 hours later.
It took all the expertise of the Group-IB teams to expose the collective behind this $1 million heist. Unfortunately, this is not the first time that Russian banks have faced this kind of computer attack in 2018. MoneyTaker knows the risks of attacking Russian banks and makes sure to plan its assaults well. Over the past three years, MoneyTaker's accumulated loot has been estimated at 10 million.
MoneyTaker's tally of victims currently includes 15 American banks, a British banking software company, five Russian banks and a Russian law firm. The list is not about to stop growing.