Group-IB Investigating a New Daring Attack by MoneyTaker: Hackers Try to Steal $1 mln from the Bank
(Jul 19, 2018)
The financially-motivated threat group “MoneyTaker” launched an attack on the Russian bank “PIR Bank,” according to Group-IB researchers. MoneyTaker was able to steal funds worth approximately $1 million USD through the Russian Central Bank’s Automated Workstation client on July 3, 2018. The Central Bank’s Automated Workstation client is an interbank fund transfer system that is similar to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network. The Russian newspaper “Kommersant” reported that MoneyTaker was able to steal around $920,000 USD, conservatively. Since this is the amount the bank gave to the newspaper, it is possible the actual amount is larger.
Recommendation: Members of the financial services industry should be aware they are specifically targeted by malware due to the nature of their business. Never open files from unverified sources, and be aware of other infection vectors such as email attachments and infected websites.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.