A hacker group called "MoneyTaker" has condcted more than 20 attacks on banks and financial services companies in the USA, UK and Russia and has silently stole nearly $10 million.
Moscow-based security Group-IB firm said on Monday that the attacks, which began 18 months ago and allow money to be robbed from bank automated teller machines (ATMs), appear to be ongoing and that banks in Latin America could be targeted next.
The first attack occurred in the spring of 2016 against First Data's "STAR" network, the largest U.S. bank transfer messaging system connecting ATMs at more than 5,000 organizations, Group-IB researchers said in a report.
The firm said it was continuing to investigate a number of incidents where hackers studied how to make money transfers through the SWIFT banking system.
SWIFT said in October that hackers were still targeting its interbank messaging system, but security controls had thwarted many of those attempts.
Group-IB has dubbed the hacker group "MoneyTaker" after the name of software it used to hijack payment orders to then cash out funds through a network of low-level "money mules" who were hired to pick up money from automated teller machines.
The security researchers said they had identified 18 banks who were hit including 15 across 10 states in the United States, two in Russia and one in Britain. Beside banks, financial software firms and one law firm were targeted.
The average amount of money stolen in each of 14 U.S. ATM heists was $500,000 per incident. Losses in Russia averaged $1.2 million per incident, but one bank there managed to catch the attack and return some of the stolen funds, Group-IB said.
Group-IB said it had notified Interpol and Europol in order to assist in law enforcement investigations.
According to the report, the hackers used "unique techniques" to enter the networks - a mix of tools and tactics to bypass anti virus and other traditional security software while being careful to eliminate traces of their operations. To disguise their moves, hackers used security certificates from brands such as Bank of America, the Fed, Microsoft and Yahoo.