For the first time in three years, the company's cybersecurity specialists Group-IB have identified a successful attack on the interbank transfer system of the AWP KBR (automated workstation of a client of the Bank of Russia).
In February 2021, the attackers carried out a hacker attack against one of the banks and stole funds, gaining access to the interbank transfer system of the AWP KBR. Analysts of the cybersecurity company Group-IB associate the hacking with the activities of the MoneyTaker group involved in previous similar attacks.
According to the Group-IB report, the attack began in June 2020 "through the compromise of a company affiliated with the bank," after which the bank's internal network was investigated for six months.
In 2021, the attackers registered fake domain names using the name of the bank and the zone .org and .com, not .ru. After that, the attackers "stole digital keys and later used them to sign payments passing through the transport gateway of the Bank of Russia."
Hackers were able to steal more than 500 million rubles ($6.7 million).
The experts emphasized that in the future, an increase in the number of such crimes is expected. “Taking into account the fact that we are more and more involved in electronic payments, then there will be more and more attempts to violate the law in this area”, said Nikolay Kulbaka, Financial Analyst and Associate Professor of Economics at RANEPA.
It is interesting to note that the hacker group Moneymaker was able to steal money from a Russian bank from its account in the Central Bank for the first time since 2018. Then more than 58 million rubles ($781 thousand) were withdrawn from the account of PIR Bank to the Central Bank. In the same year, the Central Bank revoked the license from PIR Bank due to violations of anti-laundering legislation.