According to the cybersecurity firm Group-IB, a group called MoneyTaker used malware to launch several cyberattacks against almost 20 banks around the world (mainly in the US and the United Kingdom). In just 18 months, the criminals took 10 million dollars, or the aforementioned 8.47 million euros at the current exchange rate.
In each of these attacks, the Russian hackers got $500,000. Furthermore, they achieved this with tools that are easily accessible on the Internet, which hinders attribution of the intrusions and prevents investigators from linking the different campaigns. Thanks to this approach, the group has gone unnoticed since its first operation, recorded in May 2016.
After taking control of the bank's network, the attackers checked whether they could connect to the card processing system. Later, they legally opened or bought cards from the bank whose computer system they had compromised. Using money mules, the criminals withdrew money from ATMs with those previously activated cards. Just before the withdrawals, the attackers removed or raised the cash withdrawal limits on the cards held by the mules. This is just one example of how an unaddressed vulnerability had a direct impact on the affected companies.