Russian Hackers Plot to Attack Banks Foiled

Russian state-sponsored cyber hackers or other organizations with specific state ties were allegedly preparing to target and hack Western banks and financial institutions, according to a report from cyber security firm Root9B.

Root9B technologies, a leading provider of advanced cybersecurity services and training for commercial and government clients announced that they uncovered plans by a known Russian hacking organization – APT28, to target several international financial institutions.

The foiled plot

According to the report, the hacking organizations identified with the plot are APT29 and Pawn Storm. They’re in the process of registered similar domain names to the banks and businesses as well as setting up command-and-control servers for a malware attack that centers on a new breed of computer virus.

The malware used is identified as ‘Sendnit and Sofacy’. This malware is created with a “backdoor” attack method, set up to bypass established authentication procedures in order to gain access to a computer or computer network.

“It should not surprise anyone that just as nuclear capable Russian bombers are increasingly penetrating foreign airspace, their cyber-warriors appear to be ramping up their intrusions as well,” the report said, noting that “for the first time” the attack has been identified before it was launched. “In the last year alone Russian hackers have reportedly stolen up to 900 million dollars from banks around the world.  Over the past three to five years they have built the largest botnets ever discovered, and stolen the log-in and password credentials to literally tens of millions of online accounts.”

Proactive detection

Root9B was performing routine surveillance for a client when they discovered malware that’s associated with nation state attacks. In a first of its kind, it was the first time an attack was discovered, identified and reported before the attack occurred.

“Our team did an amazing job of uncovering what could have been a significant event for the international banking community,” said Eric Hipkins, root9B Chief Executive Officer. “We’ve spent the past three days informing the proper authorities in Washington and the UAE, as well as the CISOs at the financial organizations.”

Some of the potential targets as identified by root9B for the attack are TD Bank, Bank of America, UAE Bank as well as organizations including United Nations Children’s Fund, United Bank for Africa and Regions Bank.

“While none of the targeted organizations are clients of Root9B, we felt it imperative to disclose the findings to them, and as broadly as possible to the security community,” said Hipkins. “In previous instances, attacks have been dissected after the event. Our HUNT platform delivers a pro-active defense protection capability to identify, pursue and mitigate cyber threats. This is a first in our industry.

The ongoing threat.

APT28, was detailed last fall in a comprehensive report from cyber research firm FireEye that made a big splash in the security community. Russian hackers have made headlines and continue to do so to this day, for hacking and infiltrating banks around the world.

The report from Root9B also noted that Cyber-security defenses are increasingly “failing at an alarming rate, with cyber hackers are now able to adapt their new malware attacks and generate new threats faster than ever before. “The production and sale on the black market has increased exponentially in recent years, developing into a criminal industry that is placing online commerce, as well as national security, at growing risk.”

The full report from Root9B is available to read in its entirety, here.