
A New Hacker Group 'MoneyTaker' Steals Millions from US as well as Russian Banks

A new hacker group, 'MoneyTaker', has been uncovered by Group-IB targeting financial institutions and law firms in the USA, UK, and Russia. They have been very successful in targeting a number of banks in different countries, and they remain anonymous.

Researchers named this new group MoneyTaker, based on the name the attackers gave to one of their hacking utilities.

Security researchers from Group-IB uncovered the operations and found the hacker group targeting mainly card payment systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US).

To gain full control of the operation, MoneyTaker uses a pentest framework server. On it, the hackers install a legitimate penetration testing tool, Metasploit. The group uses Metasploit to conduct the following activities:

1. Network reconnaissance
2. Search for vulnerable applications
3. Exploit vulnerabilities
4. Escalate system privileges
5. Collect information

MoneyTaker stole a whopping $3 million from 3 Russian financial institutions, while a total of $500,000 was stolen from banks in the United States. But the group is not limiting itself to money or the banking sector; in fact, MoneyTaker also targeted financial software vendors and law firms.

“Criminals stole documentation for OceanSystems’ FedLink card processing system, which is used by 200 banks in Latin America and the US,” says the report compiled by Group-IB.

Researchers confirmed that MoneyTaker targeted 20 companies, with 1 in the UK, 3 in Russia and 16 in the US. All those attacks went unreported and undetected since the group used publicly available tools for the operations.

“MoneyTaker uses publicly available tools, which makes the attribution and investigation process a non-trivial exercise. In addition, incidents occur in different regions worldwide, and at least one of the US banks targeted had documents successfully exfiltrated from their networks, twice. Group-IB specialists expect new thefts in the near future and in order to reduce this risk, Group-IB would like to contribute our report identifying hacker tools, techniques as well as indicators of compromise we attribute to MoneyTaker operations,” said Dmitry Volkov, Group-IB Co-Founder and Head of Intelligence.

Attackers studied bank networks by stealing documentation files
Evidence collected by Group-IB suggests attackers intentionally searched for and stole internal documentation files to learn about bank operations in preparation for future attacks.

In some cases, attackers also stole documents on SWIFT, another inter-bank money transfer system, and files on OceanSystems’ FedLink, a card processing system widely deployed across Latin America.

Now, experts believe Latin American banks and banks utilizing the SWIFT system are in MoneyTaker's crosshairs. The SWIFT team issued a report last month with recommendations on how banks could improve their security.

After getting into the card processing system, the attackers removed or increased money withdrawal limits for the cards held by the mules, and the average loss will be $500,000 USD.
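The limit manipulation described above is exactly the kind of change a card-processing audit trail should flag before mule cards are cashed out. As an added example (not from the Group-IB report or this article), the Python below scans constructed audit-log lines for withdrawal-limit removals or large raises and flags a burst of such changes by one operator account inside a short window; the log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines in a hypothetical format:
#   <timestamp> <operator> LIMIT_CHANGE card=<masked pan> old=<limit> new=<limit|NONE>
SAMPLE_LOG = """\
2017-11-05T02:14:03 op_jsmith LIMIT_CHANGE card=****4411 old=500 new=20000
2017-11-05T02:14:09 op_jsmith LIMIT_CHANGE card=****7720 old=500 new=NONE
2017-11-05T02:14:20 op_jsmith LIMIT_CHANGE card=****1093 old=1000 new=25000
2017-11-05T09:30:11 op_mlee LIMIT_CHANGE card=****5582 old=500 new=700
2017-11-05T10:02:45 op_mlee LIMIT_CHANGE card=****5582 old=700 new=500
"""

LINE_RE = re.compile(r"^(\S+) (\S+) LIMIT_CHANGE card=(\S+) old=(\S+) new=(\S+)$")

def parse_line(line):
    """Parse one audit line into a dict; NONE means 'no limit enforced'."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, op, card, old, new = m.groups()
    return {"ts": datetime.fromisoformat(ts), "op": op, "card": card,
            "old": None if old == "NONE" else int(old),
            "new": None if new == "NONE" else int(new)}

def is_suspicious(ev, max_factor=5):
    """A limit removed outright, or raised by more than max_factor, is suspicious."""
    if ev["new"] is None:
        return ev["old"] is not None          # limit removed
    if ev["old"] is None:
        return False                          # limit re-imposed: benign
    return ev["new"] > ev["old"] * max_factor

def detect(log_text, window=timedelta(minutes=10), burst=3, max_factor=5):
    """Return (alert_type, operator, detail) tuples for suspicious changes and bursts."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    alerts, by_op = [], defaultdict(list)
    for ev in events:
        if is_suspicious(ev, max_factor):
            alerts.append(("LARGE_RAISE_OR_REMOVAL", ev["op"], ev["card"]))
            by_op[ev["op"]].append(ev["ts"])
    for op, times in by_op.items():           # burst: >= `burst` hits within `window`
        times.sort()
        for i in range(len(times) - burst + 1):
            if times[i + burst - 1] - times[i] <= window:
                alerts.append(("BURST", op, f"{burst} changes within {window}"))
                break
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```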