A newly discovered Russian hacker group known as Buhtrap has attacked 13 Russian banks since August 2015, using malware that infiltrates their gateway to the central bank, according to Moscow-based cyber security company Group-IB.
The hackers spread the malware using infected e-mails that mimicked correspondence from the
central bank and Gazprombank JSC, Group-IB said in a report Thursday. The program then targeted the automated bank-customer system that connects to the regulator – reports Bloomberg.
“This is the most critical system for Russian banks,” Dmitry Volkov, the head of Group-IB’s cyberintelligence department, said by phone. “This is the same as if hackers were to get access to the SWIFT system at Citibank, for example.”
In their biggest heist identified to date, the hackers stole 600 million rubles ($8.65 million), the security firm said, declining to name the lender. Two small regional banks that were targeted each suffered losses totaling 2.5 times capital. In another case, an attempt to steal 1 billion rubles was thwarted.
Russian-speaking hackers are known for sophisticated attacks on financial institutions. A group known as the Carbanak gang, whose members included people from Russia, China, Ukraine and other parts of Europe, created a malware for ATM operating systems that forced the machines to spit out cash to henchmen at a certain time, according to Kaspersky Lab, Russia’s largest maker of antivirus software. Hackers stole 677 million rubles from Metallinvestbank last month, RIA Novosti reported.