Group-IB specialists expect new thefts in the near future and in order to reduce this risk, Group-IB would like to contribute our report identifying hacker tools, techniques as well as indicators of compromise we attribute to Money Taker operations.
The first attack in the US that Group-IB attributes to this group was conducted in the spring of 2016: money was stolen from the bank by gaining access to First Data’s "STAR" network operator portal.
Group-IB reports that Money Taker uses both borrowed tools and tools they wrote themselves.
For example, to spy on bank operators they developed an application with 'screenshot' and 'keylogger' capabilities.
The geography, however, has narrowed to only the USA and Russia.
Using the Group-IB Threat Intelligence system, Group-IB researchers have discovered connections between all 20 incidents throughout 20.
Although the group has been successful at targeting a number of banks in different countries, to date, they have gone unreported.
Exfiltrated documents include: admin guides, internal regulations and instructions, change request forms, transaction logs, etc.
A number of incidents with copied documents that describe how to make transfers through SWIFT are being investigated by Group-IB.
Important findings that enabled Group-IB to discover the links between crimes include privilege escalation tools compiled from code presented at the Russian cybersecurity conference ZeroNights 2016.
Also, in some incidents, hackers used the infamous Citadel and Kronos banking Trojans.