According to Russian security firm Group-IB, a new group of cyber criminals dubbed MoneyTaker has launched lucrative attacks on a number of US and Russian finance houses, harvesting millions of dollars. Its first incursion was in 2016 and, since then, it has robbed several US banks, plus other organisations in Russia and the UK.
The attackers initially compromised a PC with access to inter-banking money transfer and card processing systems. Using legitimate apps, which makes their attacks all the more pernicious, they then spread malware laterally in order to collect more files and credentials. The hackers had clearly done their homework, as each approach was carefully customised to the target organisation. They also successfully covered their tracks by deleting their entry points.
It appears likely that MoneyTaker is of Russian origin and that the group intends to strike again. Group-IB has passed on its findings to the international crime-fighting organisations Interpol and Europol.