Hackers Steal Over $300 Million from Banks in Elaborate Heist

According to Russian cybersecurity company Kaspersky Labs, the banking industry has just been catapulted into “a new era in cybercrime.” This statement comes after Kaspersky concluded an 18-month-long investigation into a sophisticated cyberattack that has been targeting financial institutions worldwide since 2013. Although the actual amount of money stolen via this complex attack varies between $300 million and $1 billion depending on the source, what is clear is that the campaign carried out by the group responsible is one of the most complex cyberattacks ever discovered. Kaspersky was first invited to investigate the matter after a Ukrainian ATM began spitting out cash at random without anyone inserting a card or touching any buttons on the machine.

The Carbanak group, as security researchers are now referring to the crime ring, relied on a complex system of viruses and Trojans to monitor the activity of infected machines for months at a time. This is different from most corporate intrusions because the hackers were not interested in exploiting weaknesses within the financial institutions’ software. Rather, the criminals took screenshots of infected machines at 20-second intervals in an attempt to learn legitimate internal procedures. Once learned, these procedures were used to impersonate the victim and process fraudulent transactions that were undetectable by the security measures built into the financial systems of targeted banks.

A spokesperson for Kaspersky Labs was quoted as saying that it was “the most highly sophisticated criminal attack we have ever seen.”

This spokesperson, Kaspersky Chief of Staff Anton Shingarev, also added that the techniques used by these cybercriminals are very similar to methods that have been used by government agencies in the past. According to the report recently released by Kaspersky, most of the targeted banks were located in Russia, the U.S., Germany, Ukraine, and China, with a total target pool of approximately 30 banks. One of these banks, which the report did not identify, lost over $7 million because of ATM fraud, and another bank lost nearly $10 million when hackers entered personal online banking pages before initiating wire transfers to banks in other countries. These criminals were able to gain access to the entire banking system.

This includes the ability to remotely control ATMs and manage the transfer of funds between various accounts. The scam was so complex that banks had no idea that a massive cybercriminal campaign was underway until that fateful day in Ukraine when a remotely controlled ATM began shooting money onto the street without warning. This group was also profiled late last year by Dutch security firm Fox-IT, although in that report the group was referred to as Anunak. The group has been linked to major credit and debit card breaches at U.S. retailers including Bebe Stores Inc., Sheplers, and Staples.

Despite the financial losses suffered by these businesses, the heist described in Kaspersky’s latest report is the group’s biggest yet.

What’s most frightening about this string of attacks is that they may still be going on at the time of this writing. The malicious code injected into the networks of these financial institutions is specifically designed to avoid detection, meaning that countless other financial institutions could be infected and not even know it. While the target of this attack seems to be the banks themselves (rather than individual customers), it is important that you regularly check your bank statements for any discrepancies. If anything odd is found, report it to your financial institution immediately to avoid further complications from this attack.

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.
