Originally published July 20, 2018
Cybercriminals part of a notorious hacking group attacked the PIR Bank of Russia and stole $1 million. The hacking was carried out after infiltrating the bank’s systems by compromising an old, outdated router. The router was installed at one of the regional branches of the bank. The money was stolen via the Automated Workstation Client (AWC) of the Central Bank of Russia on July 3rd. Just like Swift, AWC is an interbank fund transfer system. The stolen amount was transferred to 17 accounts at leading banks in Russia and already withdrawn.
After withdrawing the amount, cyber-crooks made sure that the bank’s network remains compromised in order to carry out further attacks. However, the flaw got detected and Moscow based forensic investigator team Group-IB was contracted by the bank to probe the attack. It must be noted that the hack attack occurred five weeks after the hacking group firstly acquired access to the network of the bank.
According to Kommersant Newspaper, about $910,000 has been stolen by hackers, believed to be part of a group called MoneyTaker. Security researchers at Group-IB forensics lab, who reported about this group back in November 2017 for the first time, state that its members have so far carried out 20 successful attacks on various financial institutions and law.