Hackers attacked Russian banks for three months

On December 5, 2018, Kaspersky Lab announced that it had identified a new type of cyber attack on the banking system of Eastern Europe. Eight banks were hit in this attack and lost amounts equivalent to several tens of millions of dollars. The cybercriminals used the DarkVishnya virus, deploying malware through gadgets placed directly in bank buildings or from the outside, by connecting to corporate networks.



However, this turned out to be only the tip of the hacker iceberg. The international company Group-IB revealed a powerful attack on Russian banks that lasted three months. Cybercriminals sent more than 11 thousand emails carrying the RTM Trojan from 2.9 thousand fake email addresses of Russian government institutions. In other words, the hackers posed as state institutions. The malware itself is designed to steal money from remote banking services (RBS) and payment systems.

The malware was sent to the addresses of financial institutions from September to November 2018. It is reported that one such theft could bring the attackers about 1.1 million rubles. As Nikita Kislitsin of the Group-IB Network Security Department said, the potential victims of the RTM Trojan include banks that still neglect to install protection against targeted hacker attacks, as well as those that rarely check the current state of their infrastructure for suspicious electronic activity inside the bank.

Each email carried an attachment with a name such as “copies of documents”, “official note” and others. The attachment was an archive containing an executable file, and the unpacked files had fake PDF icons. The computer was infected when the file extracted from the archive was started. After that, the Trojan began to collect information about the computer and installed banking and accounting applications, read keystrokes, take screenshots, and replace payment details, domain name database entries and security certificates.
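
The delivery method described above, an archive attachment whose executable is dressed up as a document, can be screened at the mail gateway before a user ever sees the icon. The following is an added example, not code from Group-IB or Kaspersky Lab; it assumes the archive is a ZIP, and the extension lists, function names and sample archive are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click (partial list, chosen for this example).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-looking extensions used as a decoy in front of the real one.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def inspect_archive(zip_bytes):
    """Return {entry_name: [reasons]} for archive members that look executable."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.lower().rstrip(". ")
            parts = name.rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            reasons = []
            try:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":  # DOS/PE header magic
                        reasons.append("PE header")
            except RuntimeError:  # password-protected member
                reasons.append("encrypted entry, content not inspected")
            if ext in EXEC_EXTS:
                reasons.append("executable extension")
            if len(parts) > 2 and "." + parts[-2] in DECOY_EXTS and ext in EXEC_EXTS:
                reasons.append("double extension")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive; the payloads are inert bytes, not programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("copies of documents.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("official note.pdf", b"MZ" + b"\x00" * 62)  # PE renamed to .pdf
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in inspect_archive(build_sample()).items():
        print(entry, "->", ", ".join(why))
```

Checking the file header as well as the name matters because the icon and extension are under the sender's control, while the leading `MZ` bytes are what the operating system actually loads.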