A report from leading IT security specialists claims a group of hackers has stolen $2million from Russian banks.
Group-IB and Fox-IT probed the secretive organisation after it was linked since 2013 to a series of targeted attacks and espionage.
Their report claims that Anunak targets banks and payments systems in Russia and CIS countries while in Europe, the U.S. and Latin America criminals were mainly focusing on retail networks as well as mass media resources.
Andy Chandler from Fox-IT warned that attacks could increase in 21015.
He said: ‘We have seen criminals branching out for for example with POS malware.
‘Anunak has capabilities which pose threats across multiple continents and industries. It shows there’s a grey area between APT and botnets. The criminal’s pragmatic approach once more starts a new chapter in the cybercrime ecosystem.’
A spokesman for the security firms added: ‘Anunak aims to target banks and e-payment systems. Malefactors can easily get into banks networks and gain access to secured payment systems. As a result, the money is stolen not from the customers, but from the bank itself. If malefactors gain access to state institutions’ network, the goal is espionage.
‘When malefactors gain access to internal networks, they have total control over system administrators, record videos of key workers actions to understand how the work is organized. They then take control over e-mails to monitor internal communications and set up remote control to the network by changing its hardware parameters.’
The experts discovered that hackers had access to cash machines management systems and could remotely infect them with malware for the purpose of getting money from them upon request in future.
In the report, Group-IB and Fox-IT describe in detail the methods and software that were used by hackers, and the methods and tools that can be used to protect networks and counter targeted attacks.
The report found that average theft in Russia and CIS countries for this group is 2 million US dollars.
The said that Anunak group had access to more than 50 Russian banks, 5 payment systems, 16 retail companies. Most of retail companies are outside of Russia, while not a single US/EU bank has been attacked.
In the report it is also shown how more than 1 billion rubles has been stolen by the group in total, most of that during the last 6 months, and that the average time from the moment the group gains access to internal network till the money is stolen equals 42 days.
