Newly discovered Russian hacking group steals $10M+ from banks
A newly discovered Russian hacking group is said to have stolen at least $10 million from banks in the United States, United Kingdom and Russia.
The claim comes today from the Moscow-based cybersecurity firm Group-IB, which said the group, dubbed “MoneyTaker,” has stolen funds from 20 companies. Some 16 of the attacks targeted U.S. organizations, three attacks were on Russian banks and one bank in the U.K. was hit. The group primarily stole money by targeting card processing and bank transfer systems, including the Russian Interbank System AWS CBR and the Society for Worldwide Interbank Financial Telecommunication, better known by its acronym, SWIFT.
Of the organizations targeted in the U.S., the group’s first attack involved a bank using First Data Corp.’s “STAR” card processing system, which is used by automatic teller machines. The hackers are said to have obtained access to the STAR network operator portal and then issued new ATM cards, which they used to withdraw cash physically in both the U.S. and Russia. In other instances, the group is said to have used different methods, including hacking systems to obtain SWIFT transfer access, to steal more money.
Attributing the various hacks to MoneyTaker apparently was difficult given the different methods the group has used so far to steal money. “MoneyTaker uses publicly available tools, which makes the attribution and investigation process a nontrivial exercise,” Group-IB co-founder Dmitry Volkov said. “Incidents occur in different regions worldwide and at least one of the U.S. banks targeted had documents successfully exfiltrated from their networks, twice.”
Group-IB said it believes that the group will expand their activities going forward and may move into new regions including South America.
Stephan Chenette, chief executive officer of AttackIQ Inc., told SiliconANGLE that while “most organizations have put security controls in place to prevent attackers from breaching and exploiting high value target systems such as SWIFT and ATM networks,” problems emerge because “in many cases, misconfigurations in these security controls and logging mechanisms create protection failures that allow adversaries to gain access to these critical systems without the owner finding out in a timely manner.”
“We have entered a new phase of cyber requiring organizations to validate their security controls on a continuous basis,” Chenette added. “Because ultimately, the cost of testing is far less expensive than the costs of recovery from a breach.”
Photo: Pixabay