A group of Russian cybercriminals which specialises in gaining access to the internal payments networks of banks has stolen more than $18 million over the past six months.
The group, which goes under the name Anunak, has been uncovered by forensics experts at Moscow-based Group-IB and Fox-IT of the Netherlands.
Anunak's targets in Russia and CIS countries are banks and payment systems, while in Europe, the USA and Latin America the criminals mainly focused on retail networks and mass media resources.
The gang uses malware, also called Anunak, that allows for organised, targeted attacks on banks and e-payment systems. When the crooks gain access to internal networks, they have total control over system administrators and record videos of key workers' actions to understand how the work is organised. They then take control of e-mail to monitor internal communications and set up remote control of the network by changing its hardware parameters.
The average time from the moment the group gets into an internal network until the money is stolen is 42 days.
The investigation found that the Anunak group had access to more than 50 Russian banks, 5 payment systems and 16 retail companies. Group-IB and Fox-IT analysts discovered that the hackers had access to cash machine management systems and could remotely infect the machines with malware in order to get money from them on request in the future.
Andy Chandler, senior VP at Fox-IT, says: "This is very serious and as soon as we could conclude our joint investigations we wanted to share the information and not just for our customers but everyone. They (Anunak) are very pro-active and at times innovating, when you look at the volumes of money, credit cards and intellectual property they have taken, this can only be described as a 'professional' criminal campaign with a high level of success and please believe they are not going away anytime soon."