Russian hacking group MoneyTaker stole close to $1 million from Russia’s PIR Bank at the beginning of this month, the latest in a series of similar cybercrimes committed by the prolific cyber thieves, the BBC reports.
The July 3 heist came about five weeks after the sophisticated hackers first gained access to the bank’s network by compromising a router used by a regional branch, Kommersant reported.
The theft, which according to Russian media is conservatively estimated at about $910,000, is the latest achievement of a group that researchers at security firm Group-IB call MoneyTaker.
In a report published last November that first detailed the group, researchers said its members had conducted 20 successful attacks on financial institutions and legal firms in the US, UK, and Russia. In a follow-up report, Group-IB said MoneyTaker netted about $14 million in the hacks, 16 of which were carried out on US targets, five on Russian banks, and one on a banking-software company in the UK.
While MoneyTaker is skilled at concealing its activities, Group-IB was able to connect the heists by tracing a common set of tactics, techniques, and procedures. After initially gaining access to a target’s network, members often spend months doing reconnaissance in an effort to elevate system privileges to those of a domain administrator.
Members also try to remain active inside hacked networks long after the heists are carried out. The attackers use a variety of freely available tools popular among hackers and security professionals alike, including the Metasploit exploit framework, Microsoft’s PowerShell management framework, and various Visual Basic scripts.