Hacker group successfully carried out 16 attacks on small banks in America
Security firm Group IB has published a report on a hacker group targeting primarily small US banks, in addition to targets in Russia and the UK. Over a period of 1.5 years, at least twenty attacks took place, the company claims.
The company has dubbed the group MoneyTaker. In a more extensive report, Group IB describes how the group typically stole internal bank documentation during its intrusions, probably to prepare for future attacks. The criminals also stole money: in the sixteen successful attacks on American targets, the damage averaged half a million dollars, and in three attacks on Russian targets it averaged 1.2 million dollars.
The hacker group used various techniques to penetrate the banks' networks. MoneyTaker used custom-written tools, but also open source software such as Meterpreter and Metasploit. To disguise network traffic between infected systems and the command-and-control servers, the attackers created their own signed digital certificates bearing the names of well-known companies such as Microsoft and Yahoo. The security company writes that in one case it was able to determine how the attackers first gained access to the network: they did so by taking over the home PC of an IT administrator.
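As an added illustration, not taken from the Group IB report, of how a defender could catch the certificate trick described above: a small Python check over constructed TLS-inspection log lines that flags certificates claiming a well-known organisation while being self-signed or failing chain validation. The log layout, the sample records and the watched-organisation list are assumptions made for the example.

```python
import csv
import io

# Constructed sample of TLS-inspection log lines (not real MoneyTaker traffic).
# Assumed tab-separated layout: timestamp, source, destination, certificate
# subject, certificate issuer, and the result of chain validation.
SAMPLE_LOG = """\
ts\tsrc\tdst\tsubject\tissuer\tvalidation_status
1512000001\t10.0.5.21\t203.0.113.10\tCN=update.microsoft.com,O=Microsoft Corporation\tCN=update.microsoft.com,O=Microsoft Corporation\tself signed certificate
1512000002\t10.0.5.22\t203.0.113.11\tCN=mail.yahoo.com,O=Yahoo Inc\tCN=Yahoo CA,O=Yahoo Inc\tunable to get local issuer certificate
1512000003\t10.0.5.23\t198.51.100.7\tCN=www.example.org,O=Example\tCN=Example Root CA,O=Example Trust\tok
1512000004\t10.0.5.24\t198.51.100.8\tCN=internal.corp.local,O=Corp\tCN=internal.corp.local,O=Corp\tself signed certificate
"""

# Organisations whose names an attacker might borrow so C2 traffic looks benign (assumed list).
WATCHED_ORGS = ("microsoft", "yahoo")


def parse_dn(dn):
    """Split a distinguished name like 'CN=a,O=b' into a dict (assumes no escaped commas)."""
    fields = {}
    for part in dn.split(","):
        key, _, value = part.partition("=")
        fields[key.strip().upper()] = value.strip()
    return fields


def suspicious(record):
    """Return a reason string if the certificate looks like brand impersonation, else None."""
    subject = parse_dn(record["subject"])
    issuer = parse_dn(record["issuer"])
    claimed = (subject.get("O", "") + " " + subject.get("CN", "")).lower()
    if not any(org in claimed for org in WATCHED_ORGS):
        return None  # does not claim a watched brand; outside the scope of this rule
    name = subject.get("O") or subject.get("CN")
    if subject == issuer:
        return "self-signed certificate claiming %s" % name
    if record["validation_status"] != "ok":
        return "untrusted chain for certificate claiming %s: %s" % (name, record["validation_status"])
    return None  # claims a watched brand and chains to a trusted CA: nothing to flag


def scan(log_text):
    """Run the rule over every log record; return (src, dst, reason) for each hit."""
    reader = csv.DictReader(io.StringIO(log_text), delimiter="\t")
    return [(r["src"], r["dst"], suspicious(r)) for r in reader if suspicious(r)]


if __name__ == "__main__":
    for src, dst, reason in scan(SAMPLE_LOG):
        print("%s -> %s: %s" % (src, dst, reason))
```

The same rule applied to live proxy or Zeek-style SSL logs would surface a beacon whose certificate merely borrows a big-name subject without a trusted issuer behind it.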
In addition, the group used techniques to ensure that its methods did not fall into the 'wrong' hands, for example by using 'fileless' malware that exists only in the memory of an infected system and can therefore be removed after use without leaving many traces. The attackers' server also distributed payloads only to targets that appeared on a predefined list, and the group replaced its attack infrastructure after each successful attack, the security firm said.
One of the researchers tells Bloomberg that the attackers mainly targeted small banks because they were relatively easy to penetrate due to a lack of security resources. The attacks mainly targeted payment card transaction processing systems. This allowed the attackers to create cards with which so-called money mules could withdraw money.