PIR Bank in Russia victim of domestic $1m hack
PIR Bank in Russia has lost nearly $1 million from a breach by the notorious hacker group, MoneyTaker, according to Kommersant and Bleeping Computer.
The criminals, who broke in via an outdated router, stole $920,000 from a correspondent account at the Bank of Russia.
Group-IB, a Russian cybersecurity firm that was called in to investigate the incident, says it collected “irrefutable digital evidence implicating MoneyTaker in the theft”.
Group-IB unmasked the group’s existence and operations last December with a report on its previous attacks.
The group has been associated with hits at US, UK, and Russian banks since 2016.
MoneyTaker operated by infiltrating inter-banking money transfer and card processing systems such as the First Data STAR Network and the Automated Work Station Client of the Russian Central Bank (AWS CBR) system.
This latest attack was no different, as the hackers infiltrated PIR Bank’s network at the end of May via an outdated router at one of the bank’s regional branches.
“The router had tunnels that allowed the attackers to gain direct access to the bank’s local network,” Group-IB experts say. “This technique is a characteristic of MoneyTaker.”
MoneyTaker transferred funds from PIR Bank’s account at the Bank of Russia to 17 accounts opened in preparation; the money was then withdrawn from ATMs across Russia.
By the time the bank spotted the fault a day later, it was already too late.
The hackers tried to clear logs from infected computers to hide their tracks, but were not fully successful.
“This is not the first successful attack on a Russian bank with money withdrawal since early 2018,” says Valeriy Baulin, head of digital forensics lab, Group-IB. “We know of at least three similar incidents, but we cannot disclose any details before our investigations are completed.”
Group-IB says that at least two of these have been carried out by the MoneyTaker group.
The firm says MoneyTaker’s history of hacks includes 15 US banks, a US services provider, a UK banking software company, five Russian banks, and one Russian law firm.
FinTech Futures was recently in Moscow talking about cybersecurity with a bunch of companies, such as Sberbank and Microsoft.