A newly discovered Russian-language hacker group known as Buhtrap has attacked 13 Russian banks since August using malware that infiltrates their gateway to the central bank, according to Moscow-based cybersecurity company Group-IB.
The hackers spread the malware using infected e-mails that mimicked correspondence from the central bank and Gazprombank JSC, Group-IB said in a report Thursday. The program then targeted the automated bank-customer system that connects to the regulator.
“This is the most critical system for Russian banks,” Dmitry Volkov, the head of Group-IB’s cyberintelligence department, said by phone. “This is the same as if hackers were to get access to the SWIFT system at Citibank, for example.”
In their biggest heist identified to date, the hackers stole 600 million rubles ($8.65 million), the security firm said, declining to name the lender. Two small regional banks that were targeted each suffered losses totaling 2.5 times capital.
In another case, an attempt to steal 1 billion rubles was thwarted.
Russian-speaking hackers are known for sophisticated attacks on financial institutions. A group known as the Carbanak gang, whose members included people from Russia, China, Ukraine and other parts of Europe, created malware for ATM operating systems that forced the machines to spit out cash to henchmen at a certain time, according to Kaspersky Lab, Russia’s largest maker of antivirus software. Hackers stole 677 million rubles from Metallinvestbank last month, RIA Novosti reported.