Hate to be "That guy" but...
"MoneyTaker has primarily targeted card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US)."
SWIFT still operates out of Belgium, no? I thought the US plays a reduced role now that they (supposedly) can't access info re. European payments any more.
Or did you mean that SWIFT was compromised in the US?