‘Criminals installed Raspberry Pis in banks for network attack’

Criminals have attacked at least eight banks in Eastern Europe by covertly installing hardware in branches to gain access to the networks. They are reported to have stolen tens of millions of euros.

Kaspersky Labs investigated the ICT attacks, which took place in 2017 and 2018, and has named the group's attacks DarkVishnya. The criminals managed to place hardware in the headquarters or regional offices of at least eight banks. They gained access by posing as a courier or job applicant, after which they placed hardware in inconspicuous places such as meeting rooms.

These included cheap laptops, Raspberry Pis and Bash Bunnies. The latter are USB sticks that contain tools to carry out attacks from a distance. Within the bank networks, the devices posed as an unknown computer, external USB drive or keyboard.

The attackers then connected to the devices via LTE to scan the banks' local networks. For example, they tried to get logins and obtain details about servers and workstations that were used for payments. According to Kaspersky, they used shellcode with local TCP servers to bypass firewalls. At the last stage, they tried to get permanent remote access to systems, using msfvenom.
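The "unknown computer" case described above is visible to a defender as a DHCP lease for a device that is not in the asset inventory. The following is an added example, not code from Kaspersky or the article; the dnsmasq-style log lines, the inventory and every MAC and IP value are constructed for illustration.

```python
# Added example: flag DHCP leases for devices missing from the asset inventory.
# The log lines, inventory and all MAC/IP values are constructed for illustration.
import re

# OUI prefixes registered to Raspberry Pi (non-exhaustive list).
RASPBERRY_PI_OUIS = {"b8:27:eb", "dc:a6:32"}

# Constructed inventory of approved devices (MAC -> asset tag).
INVENTORY = {
    "00:1a:2b:3c:4d:5e": "WS-0142",
    "00:1a:2b:3c:4d:5f": "PRN-0007",
}

# Constructed dnsmasq-style log lines.
SAMPLE_LOG = """\
Dec  6 09:14:02 dhcp1 dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.5.31 00:1a:2b:3c:4d:5e ws-0142
Dec  6 09:20:47 dhcp1 dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.5.77 B8:27:EB:12:34:56 raspberrypi
Dec  6 09:31:10 dhcp1 dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.5.80 00:e0:4c:68:00:01
Dec  6 09:31:55 dhcp1 dnsmasq-dhcp[812]: DHCPREQUEST(eth0) 10.20.5.31 00:1a:2b:3c:4d:5e
"""

ACK_RE = re.compile(
    r"DHCPACK\((?P<iface>[^)]+)\)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?:\s+(?P<host>\S+))?"
)

def find_unknown_devices(log_text, inventory):
    """Return one finding per MAC that got a lease but is not in the inventory."""
    known = {mac.lower() for mac in inventory}
    findings = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # not a lease acknowledgement
        mac = m.group("mac").lower()
        if mac in known or mac in findings:
            continue  # approved device, or already reported
        findings[mac] = {
            "mac": mac,
            "ip": m.group("ip"),
            "hostname": m.group("host") or "",
            "raspberry_pi_oui": mac[:8] in RASPBERRY_PI_OUIS,
        }
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_unknown_devices(SAMPLE_LOG, INVENTORY):
        print(finding)
```

MAC addresses can be changed, so the OUI match is a hint and the inventory comparison is the actual control. Devices that present themselves as a USB drive or keyboard never request a lease and have to be caught through endpoint USB device logging instead.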

Tables with built-in connections can be used by criminals for hidden implants
