Carbanak: hundreds of millions of dollars stolen from banks
A group of hackers has stolen, since 2013, hundreds of millions of dollars in accounts of e-payment systems and banks of different countries. Specially affected are Russia and USA due to the volume of received attacks, although there are also affected countries in Europe, South America, Asia, etc.
For the attack, spear phishing techniques were used in order to infiltrate the systems of the targeted banks. Once inside them, the attackers studied the behaviour of the bank employees, in order to subsequently mimic their typical operations, although transferring the money to false accounts. In addition, ATMs were compromised, from which the criminals retrieved the money at predefined time frames.
This campaign, named Carbanak, has been detected by Kaspersky. The company is collaborating with Interpol, Europol and authorities of different countries. Previously, the APT has been reported by Fox-IT, who has named it Anunak.
References:
- 15/02/2015 securityweek.com Hackers Hit 100 Banks in 'Unprecedented' $1 Billion Cyber Heist: Kaspersky Lab
- 15/02/2015 europapress.es Hackers roban 300 millones de dólares de bancos de todo el mundo
- 15/02/2015 es.reuters.com Una banda de ciberdelincuentes roba $1.000 millones a bancos, según Kaspersky
- 15/02/2015 threatpost.com Carbanak Ring Steals $1 Billion from Banks
- 15/02/2015 securityaffairs.co Carbanak cybergang swipes over $300 million from banks
- 16/02/2015 securelist The Great Bank Robbery: the Carbanak APT
- 16/02/2015 securelist.com CARBANAK APT THE GREAT BANK ROBBERY
- 22/12/2014 group-ib.com Anunak: APT against financial institutions