ATM-hacking robbers hit U.S., Russian banks
FRANKFURT• A previously undetected group of Russian-language hackers silently stole nearly US$10 million from at least 18 mostly U.S. and Russian banks in recent years by targeting interbank transfer systems, a Moscowbased security firm said on Monday.
Group- IB warned that the attacks, which began 18 months ago and allow money to be stolen from banks’ automated teller machines ( ATMs), appear to be ongoing and that banks in Latin America could be targeted next.
The first attack occurred in the spring of 2016 against banks in First Data’s “STAR” network, the largest U.S. bank messaging system connecting ATMs at more than 5,000 organizations, GroupIB researchers said.
First Data said a number of small financial institutions operating on the STAR network had their credentials breached for administering debit cards earlier in 2016, leading First Data to implement new mandatory security controls. It said the STAR network was never itself breached.
The firm said it was cont i nuing to i nvestigate a number of incidents where hackers studied how to make money transfers through the SWIFT banking system, while stopping short of saying whether any such attacks had been carried out successfully. SWIFT said in October that hackers were still targeting its interbank messaging system, but security controls instituted after last year’s US$81 million heist at Bangladesh’s central bank had thwarted many of those attempts.
Group- IB has dubbed the hacker group “MoneyTaker” after the name of software it used to hijack payment orders to then cash out funds through a network of lowlevel “money mules” who were hired to pick up money from automated teller machines.
The security researchers said they had identified 18 banks who were hit including 15 across 10 states in the United States, two in Russia and one in Britain. Besides banks, financial software firms and one law firm were targeted.
The average amount of money stolen in each of 14 U.S. ATM heists was US$ 500,000 per incident. Losses in Russia averaged US$ 1.2 million per incident, but one bank there managed to catch the attack and return some of the stolen funds, Group-IB said.
Hackers also stole documentation for OceanSystems’ Fed Link transfer system used by 200 banks in Latin America and the United States, it said.