Russia’s PIR Bank lost about $1 million after a notorious hacker group known as MoneyTaker breached its network through an outdated router installed at a regional branch.
The hackers used the Russian Central Bank’s Automated Workstation Client – an interbank fund transfer system similar to SWIFT- to loot the sum and were transferred to 17 accounts at major Russian banks.
Though the criminals tried for subsequent attacks, they were detected and removed by for forensic investigator’s Group-IB, who was contracted by the bank after the breach.
Valeriy Baulin, head of Group-IB’s forensics lab says, “This is not the first successful attack on a Russian bank with money withdrawal since early 2018. We know of at least three similar incidents, but we cannot disclose any details before our investigations are completed. A 2016 incident, when МoneyTaker hackers withdrew about $2 million using their own self-titled program, remains one of the largest attacks of this kind.”