In 2017 it was suspected of stealing nearly £7.5m ($10m) from Russian, British and American companies.
the cash was taken in a series of transfers on 3 July via a computer at the bank to which the gang had obtained access.
Group-IB said the tools and techniques used by the gang to penetrate the bank and lurk on its internal systems were known to have been used by MoneyTaker in other robberies.
The attack began in late May, said Group-IB, and initially concentrated on a piece of networking hardware known as a router, which the gang was able to compromise.
By taking over this router, the gang gained access to the bank's internal network.
Once on the network, the gang took time to find a specific computer used to authorise transfers of cash. It then used its knowledge of this system, known as the Automated Work Station Client of the Russian Central Bank (AWS-CBR), to set up the bogus transfers.
A 2016 incident, when МoneyTaker hackers withdrew about $2m using their own self-titled program, remains one of the largest attacks of this kind," he added.
Measure as been taken to initiate AWS-CBR on computers because they are difficult to implement and are not conducted very often, because many hackers just cannot work on computers with AWS-CBR successfully
No comments:
Post a Comment