A previously unreported Russian-speaking crime ring has looted $10 million from 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia over the past two years.
The MoneyTaker group, uncovered by Moscow-based forensics lab Group-IB, has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and First Data's Star portal.
The hackers have gone unnoticed by constantly changing their tools and tactics to bypass antivirus and traditional security solutions and carefully eliminating their traces after completing their operations.
The first attack in the US that Group-IB attributes to this group was conducted in the spring of 2016, when the hackers gained access to First Data's Star network operator portal via compromised bank workstations. This allowed them to lift withdrawal limits on legitimate gift cards and withdraw large sums in a co-ordinated raid by money mules planted across the country.
Since that initial success, the group has moved on to attack over 20 victims. The average haul from US banks was about $500,000, and it stole over $3 million from three Russian lenders.
The MoneyTaker group now appears to be widening its horizons, says Group-IB, with online chatter suggesting that banks connected to the Swift messaging network are now viewed as potential targets.