Russian hacker clan exposed: They're called MoneyTaker, and they're gonna take your money

Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker. The group has conducted more than 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia in the last two months alone, according to Russian incident response firm Group-IB. MoneyTaker has …

  1. Snorlax Silver badge

    Hate to be "That guy" but...

    "MoneyTaker has primarily targeted card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US)."

    SWIFT still operates out of Belgium, no? I thought the US plays a reduced role now that they (supposedly) can't access info re. European payments any more.

    Or did you mean that SWIFT was compromised in the US?

    1. Martin Gregorie

      Re: Hate to be "That guy" but...

      I came here to say exactly the same. Have an upvote.

      SWIFT HQ is in La Hulpe, just outside Brussels and AFAICR is owned by its member banks.

  2. Mark 85

    Seems that something changed in crim world. This group is attacking Russian banks which in the past seemed to be off limits for Russian hackers. So are they not Russian then or is that what they want everyone to believe?

    1. Anonymous Coward

      Seems that something changed in crim world.

      Not necessarily. This is a clear indication that while they are Russian speaking, they are most likely not located in Russia.

      1. veti Silver badge

        I don't believe we have sufficient information to choose between:

        - they're not really Russian at all

        - they're not located in Russia

        - they're real independent criminals, not directly connected to the oligarchy

        - the Russian attacks are part of an internal squabble among the oligarchy

        - the Russian attacks are part of the group's camouflage

        - the Russian attacks are a fabrication by Group-IB to muddy the picture

        ... and probably several more possible explanations I've missed.

        1. macjules
          Black Helicopters

          And their boss is not Mr V Putin. Not at all. Never. Understand?

        2. Anonymous Coward

          - they're real independent criminals, not directly connected to the oligarchy

          It is not a matter of being connected or not connected to the oligarchy. It is a matter of "Жизнь цена - копейка". You can peruse Google translate on that. It will not give you the full cultural connotations though.

          If you piss off the people with money in Britain you (usually) do not need a Geiger counter to measure the "temperature" of your tea before consumption. If you piss off the people with money in Russia, this is the least of the precautions you will need for the rest of your life.

        3. Anonymous Coward

          missing choices

          -The group is based in Ukraine and are pretending to be Russian.

          -The group is sponsored by the Kremlin to pretend to be Ukrainian who are pretending to be Russian.

          A Europe leaning Ukraine is something that Putin really does not want. Plus, he does not want any more NATO member countries right on his doorstep.

    2. This post has been deleted by its author

  3. Prst. V.Jeltz Silver badge
    Facepalm

    "by gaining access to the home computer of the system administrator."

    #Embarrassing!

    I wonder how they did that. I doubt he fell for a "click here for naked ladies". With the amount of effort they've put in I wouldn't be surprised if they broke into his house and installed a hardware radio keylogger.

    1. g00se
      Black Helicopters

      Maybe they're using Intel ME - the backdoor that is likely to already be present in his home machine?

      1. Is It Me

        But wouldn't that either need something else on his network, or port forwarding to be set up on the router to be accessible externally?

        1. g00se

          That's true, but you might be surprised how often UPnP is enabled by default.
