This Cyber-attack on Bank Networks Witnessed Theft of $18 Mn

It has come to light that a group of Russian cybercriminals gained unauthorized access to internal payments networks of banks and stole around $18 million. Forensic experts from the companies Group-IB and Fox-IT have identified the particular group behind the attack called as ‘Anunak’. Anunak's targets in Russia and CIS countries were banks and payments systems. While in Europe, USA and Latin America criminals were mainly focusing on retail networks as well as mass media resources.

Criminals used malware that goes under the 'Anunak' title and allows for organized targeted attacks at banks and e-payment systems. Malefactors can easily get into banks networks and gain access to secured payment systems. As a result, the money is stolen not from the customers, but from the bank itself. When malefactors gain access to internal networks, they have total control over system administrators, record videos of key workers actions to understand how the work is organized. They then take control over e-mails to monitor internal communications and set up remote control to the network by changing its hardware parameters.

The experts discovered that hackers had access to cash machines management systems and could remotely infect them with malware for the purpose of getting money from them upon request in future. Here’s what actually happened in the attack, as highlighted by the Group-IB and Fox-IT:

  • Average theft in Russia and CIS countries for this group is 2 million US dollars.
  • Anunak group had access to more than 50 Russian banks, 5 payment systems, 16 retail companies. Most of the retail companies are outside of Russia, while not a single US/EU bank has been attacked.
  • As of now more than 1 billion rubles has been stolen by the group in total, most of that during the last 6 months.
  • Average time from the moment the group gains access to an internal network before the money is stolen equals 42 days.

Andy Chandler, Senior VP at Fox-IT, said in an official press release: 'This is very serious and as soon as we could conclude our joint investigations we wanted to share the information and not just for our customers but everyone. They (Anunak) are very pro-active and at times innovating, when you look at the volumes of money, credit cards and intellectual property they have taken, this can only be described as a ‘professional' criminal campaign with a high level of success and please believe they are not going away anytime soon.'