The raid is believed to have been carried out by the MoneyTaker gang which has hit other financial companies. In 2017 it was suspected of stealing nearly USD 10 million from Russian, British and American companies.
Group-IB was called in to help Russia’s PIR Bank after it noticed the theft. In its report, Group-IB said the cash was taken in a series of transfers on the 3rd of July, 2018 via a computer at the bank to which the gang had obtained access.
Even if the staff at PIR were able to stop some of the transfers, the gang’s used money mules (paid helpers) to cash out large amount of money at the ATMs.
The attack began in late May 2018, said Group-IB, and initially concentrated on a piece of networking hardware known as a router, which the gang was able to compromise. By taking over this router, the gang gained access to the bank’s internal network.
Once on the network, the thieves took time to find a specific computer used to authorise transfers of cash. It then used its knowledge of this system, known as the Automated Work Station Client of the Russian Central Bank (AWS-CBR), to set up the fake transfers.
Group-IB said the tools and techniques used by the gang to penetrate the bank and lurk on its internal systems were known to have been used by MoneyTaker in other robberies, BBC added.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now