Hackers dubbed the “Carbanak cybergang” have stolen at least $300 million from banks and other financial institutions around the world in what could be the biggest bank heist ever recorded.
The unknown cybercriminals’ nickname comes from the name of the malware they used to infect computers at financial institutions around the world. Once in, the group impersonated bank officers, extracting hard currency from various cash machines and transferring millions of dollars from banks located in Russia, the United States, Japan, the Netherlands, and Switzerland into dummy accounts set up in other countries.
Kaspersky Lab, the Russian cybersecurity firm that discovered the massive theft, was called to Ukraine to investigate what initially appeared to be an issue with a single ATM in Kiev, which was seen on security cameras dispensing cash at what seemed to be random times. Lucky passersby appeared to swipe the free money; however, the problem with the machine turned out to be the tip of the iceberg. Kaspersky’s investigators determined that the bank’s internal computers had been infected with malware, allowing cybercriminals to monitor their actions remotely by sending video feeds and images back to what the New York Times reports was an international cybercrime group composed of Russian, Chinese, and European hackers.
While the hackers hit banks and financial institutions in various countries, the bulk of their victims were in Russia.
The hackers began with a spear phishing campaign targeting bank employees. The emails were booby-trapped with malicious software called Carbanak. Once in, hackers leveraged their access to install remote administration tools, also known as RATs and Trojan viruses, which they then used to monitor bank employees’ computers. The attack’s execution is reminiscent of the cyber-attack on Sony Entertainment.
Moscow-based Kaspersky indicated that due to a non-disclosure agreement (NDA), they were unable to release the names of the banks which had been hacked. However, officials at the White House and the Federal Bureau of Investigation (FBI) have been briefed.
The cybersecurity firm indicated that it had seen evidence of at least $300 million in theft through clients, and it believes the total theft could easily be three times as much. Not only that, the company indicates that the attacks could still be happening.
No banks have come forward to acknowledge the theft, and the American Bankers Association declined to comment. Kaspersky Lab is scheduled to publish a report on its findings regarding the recent bank hack on Monday.
Interpol indicated that their digital crimes specialists in Singapore are coordinating an investigation with law enforcement agencies in affected countries. The Dutch High Tech Crime Unit in the Netherlands has been briefed.
Do you think the hacked banks should disclose the intrusion to their customers?