The raid is believed to have been carried out by the MoneyTaker gang which has hit other financial companies. In 2017 it was suspected of stealing nearly USD 10 million from Russian, British and American companies.
Group-IB was called in to help Russia’s PIR Bank after it noticed the theft. In its report, Group-IB said the cash was taken in a series of transfers on the 3rd of July, 2018 via a computer at the bank to which the gang had obtained access.
Even if the staff at PIR were able to stop some of the transfers, the gang’s used money mules (paid helpers) to cash out large amount of money at the ATMs.
The attack began in late May 2018, said Group-IB, and initially concentrated on a piece of networking hardware known as a router, which the gang was able to compromise. By taking over this router, the gang gained access to the bank’s internal network.
Once on the network, the thieves took time to find a specific computer used to authorise transfers of cash. It then used its knowledge of this system, known as the Automated Work Station Client of the Russian Central Bank (AWS-CBR), to set up the fake transfers.
Group-IB said the tools and techniques used by the gang to penetrate the bank and lurk on its internal systems were known to have been used by MoneyTaker in other robberies, BBC added.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright