Bbabo NET

Hackers were able to carry out an attack on the Russian interbank transfer system for the first time since 2018

According to Vedomosti, a hacker group, presumably MoneyTaker, successfully attacked the interbank transfer system AWP KBR (automated workstation of a Bank of Russia client) for the first time since 2018 and withdrew a large amount of money from the correspondent account of a client of one of the banks.

Specialists at the information security company Group-IB described this incident in the Hi-Tech Crime Trends 2021/2022 report.

Group-IB's report does not name the affected financial institution or the amount stolen from the client. Industry experts believe that the hackers could have stolen about 500 million rubles, and that the bank was not among the top hundred Russian financial institutions.

Group-IB disclosed that the hackers spent several months carrying out this attack. In June 2020, using a physical device installed on the local network, they compromised one of the workstations of a company affiliated with the bank. Then, within a month, the attackers gained access to the bank's internal network. They remained inside the perimeter of the bank's network for six months. During this time, the hackers analyzed the institution's internal network, looked for vulnerabilities and used exploits for some of them, including hacking the remote access system and the system for verifying and storing the bank's customer credentials.

In January 2021, the hackers gained remote access to the interbank transfer system of one of the clients and intercepted the digital keys used to sign payments that are sent through the Central Bank to another bank. The hackers manually copied payments that they had forged and signed with valid keys into a special folder in the AWP KBR system. The system processed them and transferred funds from the bank client's accounts to the accounts specified by the attackers. After carrying out the attack, the hackers removed almost all traces of their presence in the system.

A similar attack was previously carried out in 2018, when hackers were able to steal more than 58 million rubles from PIR Bank (the organization no longer operates).

In its report, Group-IB also disclosed that the damage to clients of Russian banks from a fraudulent scheme using fake payment systems amounted to 3.15 billion rubles for the year.