Russia's FSB Detains 50 After $25 Million Bank Cyber Heist

The Russian Federal Security Service (FSB) has detained 50 suspected hackers after multiple malware attacks resulted in the theft of over 1.7 billion roubles ($25m) from various domestic banks.

The FSB claimed it worked alongside the Russian Interior Ministry and staff from the country’s largest bank, Sberbank, to search the homes of suspects in raids across the country.

Those 86 searches apparently turned up a large amount of computer equipment, storage, SIM cards, bank cards in false names and financial documents, all of which have been confiscated in connection with the cyber attacks.

It’s believed the gang used a botnet to launch malware in an attempt to compromise corporate bank accounts as well as correspondence accounts of the banks themselves.

An attempt by the group to steal a further 2.27 billion roubles by issuing false payment instructions failed after they were spotted and blocked, according to Reuters.

Since mid-2015 the authorities claim to have discovered 18 targeted cyber attacks aimed at the banking industry, with related losses exceeding 3 billion roubles ($45.6m).

It’s not clear exactly how the group managed to get away with over $25 million, although banking trojan malware like Dridex is widely available, very effective and relatively straightforward to use.

News of the arrests should be welcomed by western law enforcers, although there is still a perception that many former Soviet nations are happy to turn a blind eye to cybercrime as long as it is targeted at individuals and institutions outside of the country.

It’s virtually impossible for US officials, for example, to arrange extradition for suspected cyber-criminals living in Russia.

For example, notorious Russian black hat and Citadel mastermind Dimitry Belorossov, aka ‘Rainerfox,’ was only extradited to the States after eventually being arrested in Spain in 2013.

It’s also suspected that some of the individuals involved in the major stock manipulation campaign involving cyber attacks on JPMorgan are at large in Russia.