According to Lei Feng.com, the notorious hacker group MoneyTaker has struck again: it stole about $1 million from a bank in Russia (the "fighting nation"), and the point of entry was an outdated router.
The target was PIR Bank, which lost at least $920,000. The money was held in PIR Bank's correspondent account at the Bank of Russia.
The Russian network security company Group-IB is now leading the investigation. After examining PIR Bank's infected workstations and servers, its analysts concluded that MoneyTaker was definitely behind the attack, and that this time the group failed to wipe all of its traces.
Group-IB knows MoneyTaker's tactics well: in December last year it unmasked the group in a report.
Besides the PIR Bank incident, MoneyTaker has also hit banks and financial institutions in the United States and Britain, going back to 2016. Group-IB notes that when attacking banks and financial institutions, MoneyTaker focuses on breaking into interbank transfer and card processing systems. The systems hit hardest have been First Data's STAR Network and the Central Bank of Russia's automated workstation client (AWS CBR).
These hackers are masters of their playbook.
Group-IB found that MoneyTaker lived up to its reputation again this time. At the end of May this year, the group penetrated the bank's network through an obsolete router at one of PIR Bank's branches.
'There was a problem with the router's channel, which allowed the attackers to access the bank's local network directly,' Group-IB security experts explained. 'This attack bears MoneyTaker's signature; they have used the same method at least three times.'
With the router breached, the hackers infected the bank's local network with malware. Then, with the help of PowerShell scripts, they carried out their activities without being noticed.
After penetrating PIR Bank's main network, MoneyTaker also gained access to the bank's AWS CBR account, which gave it control over the bank's financial transactions.
On July 3, MoneyTaker began using the system to move money. It transferred $920,000 from PIR Bank's account at the Bank of Russia to 17 accounts opened in advance. As soon as the money landed, MoneyTaker's people withdrew it from ATMs all over Russia, with astounding efficiency.
One day later, PIR Bank's employees discovered that the account had been emptied, but by then it was too late.
When MoneyTaker commits a crime, the hackers involved usually wipe the logs on the infected computers to hide their tracks. This time, however, Group-IB found traces of the hackers' access on the infected computers.
MoneyTaker has stepped up its attacks on Russian banks this year.
This is not the first time MoneyTaker has attacked Russian banks. The group struck at the beginning of this year as well, but in the end failed to make off with the 'fruits of victory'. According to Group-IB's statistics, at least three similar incidents have occurred in Russia this year, though details will not be announced until the investigations are complete. Group-IB believes at least two of them were MoneyTaker's work.
MoneyTaker's trail is hard to follow because the group prefers to carry out its attacks with common operating system tools; purpose-built malware is not its style. It also clears the logs after committing a crime, and before launching an attack it studies the victim bank's network and systems in detail. To know both itself and its target, MoneyTaker even steals the bank's internal documents in advance.
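Two of the behaviours described above, PowerShell activity on compromised hosts followed by wiping of event logs, leave Windows audit events that a defender can look for. The script below is an added example, not code from the article or from Group-IB; it scans constructed log records for the Windows "log cleared" events (IDs 1102 and 104, which are real) and raises the severity when a PowerShell script block event (ID 4104, also real) preceded the clear on the same host within an hour. The JSON field names and the sample records are assumptions made for the example.

```python
"""Detection sketch for two behaviours the article attributes to MoneyTaker:
running PowerShell on compromised hosts and clearing event logs afterwards.
Added example; the records below are constructed, not from the PIR Bank case."""
import json
from datetime import datetime, timedelta

# Real Windows event IDs: 1102 = Security log cleared, 104 = event log cleared
# (System channel), 4104 = PowerShell script block logged.
LOG_CLEARED_IDS = {1102, 104}
POWERSHELL_SCRIPT_BLOCK_ID = 4104
# If a log clear follows PowerShell activity on the same host within this window,
# treat the pair as one sequence and raise severity.
CORRELATION_WINDOW = timedelta(hours=1)

# Constructed sample, one JSON record per line (assumed forwarder shape; field
# names are hypothetical, not those of any specific SIEM or agent).
SAMPLE_LOG = """\
{"ts": "2018-05-29T10:02:11", "host": "WS-BRANCH-07", "channel": "Security", "event_id": 4624, "user": "ivanov"}
{"ts": "2018-05-29T10:05:40", "host": "WS-BRANCH-07", "channel": "Microsoft-Windows-PowerShell/Operational", "event_id": 4104, "user": "ivanov", "script": "Get-Service"}
{"ts": "2018-05-29T10:41:03", "host": "WS-BRANCH-07", "channel": "Security", "event_id": 1102, "user": "ivanov"}
{"ts": "2018-05-29T11:15:00", "host": "SRV-FILE-02", "channel": "System", "event_id": 104, "user": "SYSTEM"}
{"ts": "2018-05-29T11:20:00", "host": "WS-TELLER-03", "channel": "Microsoft-Windows-PowerShell/Operational", "event_id": 4104, "user": "petrova", "script": "Get-Process"}
"""


def parse_events(text):
    """Parse JSON-lines records and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_log_clearing(events, window=CORRELATION_WINDOW):
    """Return one alert per log-clear event.

    Severity is 'high' when the same host logged a PowerShell script block within
    `window` before the clear (the sequence described in the article), otherwise
    'medium': clearing a log is rare enough in normal operation to warrant review
    on its own.
    """
    alerts = []
    last_powershell = {}  # host -> timestamp of the most recent 4104 event
    for rec in events:
        if rec["event_id"] == POWERSHELL_SCRIPT_BLOCK_ID:
            last_powershell[rec["host"]] = rec["ts"]
        elif rec["event_id"] in LOG_CLEARED_IDS:
            prior = last_powershell.get(rec["host"])
            correlated = prior is not None and rec["ts"] - prior <= window
            alerts.append({
                "host": rec["host"],
                "ts": rec["ts"].isoformat(),
                "event_id": rec["event_id"],
                "channel": rec["channel"],
                "user": rec["user"],
                "severity": "high" if correlated else "medium",
                "reason": ("event log cleared after PowerShell activity on the same host"
                           if correlated else "event log cleared"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_log_clearing(parse_events(SAMPLE_LOG)):
        print(f'{alert["severity"]:6} {alert["ts"]} {alert["host"]:14} '
              f'{alert["event_id"]} {alert["reason"]}')
```

On the sample data this yields two alerts: a high-severity one for WS-BRANCH-07, where the Security log was cleared 35 minutes after a PowerShell script block ran, and a medium one for SRV-FILE-02, where a log was cleared with no preceding PowerShell activity. Event 4104 only appears when PowerShell script block logging is enabled by policy, and because the clearing event is itself written to the log that was just wiped, both event types should be forwarded off the host before an attacker can remove them.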
In the three years since MoneyTaker emerged, at least tens of millions of dollars have been stolen from banks. Group-IB says that MoneyTaker's attacks in the United States net an average of $500,000 each, and in Russia the figure rises to $1.2 million.
Lei Feng.com found that over the past three years MoneyTaker has compromised 15 US banks, 1 US service provider, 1 British banking software company, 5 Russian banks and 1 Russian law firm.