50 arrests for Russia's largest hacker group

News by Eugene Gerden

Some 50 suspects from 15 Russian regions have been arrested. They are believed to be part of Russia's largest hacking group, responsible for Trojan and botnet attacks on Russian banks that stole some £57 million.

Earlier this month the Russian Federal Security Service (FSB in Russian), together with the Interior Ministry, conducted a mass arrest of hackers across the country, jointly suspected of using malicious computer programs to steal RUB 3 billion (£57 million) from several Russian banks.

The arrests took place in 15 of the country's regions, with a total of 50 suspects detained.

Alexander Zdanov, an official spokesman of the FSB, told SCMagazineUK.com that those arrested are suspected of creating a botnet of infected computers used to carry out targeted attacks on the infrastructure of Russian banks to steal cash.

Vladimir Kropotov, head of the Department of Cyber-attacks at 'Monitoring of Positive Technologies', a leading Russian IT company, told SC that Russian law enforcement agencies managed to detect and then arrest members of one of Russia's largest and most dangerous hacker groups, which specialised in stealing money from Russian bank accounts.

According to the FSB, the group has been operating since 2011, and has been very cautious, using some very interesting approaches, one of which is the so-called 'disembodied Trojan', a malicious computer program which reportedly does not leave any traces after it has broken into a computer.

The hackers also attacked banks using the Lurk Trojan, which provides access to remote banking systems. Among the victims of their attacks, according to the FSB, were the six largest Russian banks, including Metallinvestbank, Russian International Bank, Metropol and Regnum.

Hackers also carried out attacks on the largest Russian banks, Sberbank and VTB, but were unable to break into their computer systems. The attacks forced some Russian banks to suspend online payments.

As a result of the growing threat of cyber-attacks, Sberbank and other large Russian banks called on the national government and the country's leading providers of IT security solutions to establish a new communications network for banks. That network is now planned and is to be built using the Sberbank platform.

The new network is intended to increase information sharing between Russian banks with new ways to warn each other about possible cyber-attacks, to help thwart hackers' attacks.

Zdanov noted how previously hackers were focused on stealing money from the customer accounts at the banks, whereas now they are concentrating on creating programs aimed at taking down the entire infrastructure of banks that they attack.
