A gang of hackers, allegedly operating out of Russia, Ukraine and China, stole nearly $1 billion over the last two years from 100 banks in 30 countries, making it one of the largest bank thefts ever, according to a new report by Russian cybersecurity firm Kaspersky Lab. The report, scheduled to be published Monday, was accessed in advance by The New York Times.
While most of the banks breached were in Russia, several financial institutions in Japan, Europe and the U.S. were also hit, according to the Times report. Moreover, the attacks by the hacking ring, named the “Carbanak cybergang” after the malware it deployed in the banks’ systems, are believed to be ongoing.
After gaining access to a bank's computers through phishing emails containing malware that allowed them to access video surveillance feeds, the hackers reportedly lay low for several months -- taking screenshots of the computers and recording daily activities of the bank's employees. Once the hackers became familiar with these day-to-day operations, they mimicked the bank's activities to make the theft look like a routine transaction.
The theft itself was carried out in a variety of ways, which included using the net banking facility to transfer money to fake accounts overseas and hacking the bank’s network to direct ATMs to dispense cash at a time and location of the hackers’ convenience.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Chris Doggett, managing director of Kaspersky’s North America office in Boston, told the Times.
Kaspersky also found that each theft took between two and four months and was limited to $10 million a transaction. This was allegedly done to avoid detection by bank and law enforcement authorities.
The Financial Services Information Sharing and Analysis Center, a body that alerts banks about hacking activity, reportedly said that its clients came to know of the hacking activity after receiving a briefing from Kaspersky in January. However, since the banks are part of an ongoing investigation, their names were not revealed in the report.