Russia Arrests 50 Hackers Who Stole $25 Million from Banks
According to the FSB internal security service, “The Russian authorities carried out raids in 15 regions across the country and rounded up a gang of 50 hackers”. They are suspected of stealing $25 million from banks and other financial institutions by seeding websites with a Trojan that gave them access to victims’ PCs, and from those PCs access to the victims’ bank accounts. The gang had been active in the country since 2011 and was involved in countless cyber crimes and bank robberies. It is being called the largest arrest of hackers in Russia.
The gang was using a malicious trojan known as Lurk, a ‘fileless’ trojan identified in 2012 that is carefully developed and runs in RAM. Using it in Eastern Europe and the Russian Federation, the hackers collected confidential data such as user names, IDs, passwords, banking details and personal information in order to break into victims’ bank accounts.
The hackers apparently spread the Lurk trojan through some of the most popular Russian websites, so that it infected many PC users in the country. Lurk silently downloaded other malware, software modules and automatically executed programs that allowed the hackers to obtain remote access to victims’ PCs without their authorization. Taking advantage of this, the hackers especially targeted Sberbank account holders in order to steal their bank account login details.
Banks’ security software was unable to detect and analyze the malicious code promptly because Lurk was injected directly into RAM, and the malware made analysis difficult once it had compromised a target machine.
Ruslan Stoyanov (Head of computer incident investigation at Kaspersky Lab) said: “Hackers started attacking banks one and a half years ago using the Lurk trojan, and then its malicious program started targeting other enterprise and consumer systems”. He is the man who helped the Russian authorities uncover the gang’s activities.
“Russian authorities were also helped by Kaspersky in finding the gang’s network of computers and servers used to grab cash. This information became very helpful in tracing the individuals involved in the bank robbery, and we look forward to helping police bring cyber criminals to justice,” said Mr. Stoyanov.
Arresting the hackers was a well-timed move that helped to thwart pending money transfers. The hackers had targeted almost six banks, including Metropol, Regnum, Russian International Bank and Metallinvestbank. They had also obtained direct access to some of the targeted banks’ systems.
In recent months the Russian security firm Group-IB detected increasing Advanced Persistent Threat (APT) activity against Russian banks. This kind of attack is the hardest to defend against because it is carefully customized for every single target. In early 2016 the Lurk group switched to APT-style attacks after the source code of the well-known Buhtrap malware was made publicly available. The gang used Buhtrap to craft emails that looked like official emails from the banking industry, tricking people into opening malicious emails that contained the executable code of the Lurk Trojan.