Carbanak hacking group
Kaspersky researchers have discovered the theft of $1 billion from banks over the past two years....
Since 2013, the cybergang has attempted to attack banks, e-payment systems and financial institutions using the Carbanak malware. The criminal operation has struck banks in approximately 30 countries.
Sergey Golovanov, Principal Security Researcher at Kaspersky Lab's Global Research and Analysis Team, told attendees at the Kaspersky Lab Security Analyst Summit that tracking the operation began when he was shown a video of a criminal taking money from an ATM without touching the machine.
The presence of this malicious code provided the trail which the team followed to find Carbanak malware in a Moscow-based bank's internal networks. The security researchers found that the infection -- which began through three spear phishing emails -- had remained undetected in the bank's networks for two months. In total, 22 Chinese exploits were found.
A bank requested help from the security company to tackle the problem of how the man was getting money -- as money had been taken from every ATM in a specific area. Originally, Golovanov and colleagues searched for malware in the ATM network itself but came up short -- finding instead "terrible" misconfiguration in the network. This led to the discovery of Carberp and Anunak malware code -- open-source malicious code used in Carbanak.
Once a system was infected, Carbanak spread across internal corporate networks and tracked down administrator computers before using covert video surveillance programs to capture and record the screens of staff dealing with cash transfer systems. Another way the cybercriminals were able to steal bank funds was through compromised ATMs. Through Carbanak, bank ATMs were "ordered" to dispense cash at pre-determined times, when a criminal associate would be waiting to collect the payment -- the case in question which brought Carbanak to the notice of the security firm.
The researchers say it is likely the criminal actors originate from Russia, Ukraine, Europe and China. Countries including the US, UK, Australia, Canada and Hong Kong have been targeted -- and the operation remains active.