Staples Cyberthieves Also Got $25 Million From Russian Banks

The Russian cyberthieves believed to be responsible for retailer payment-card breaches at Staples, Bebe Stores and 14 other chains have also stolen an estimated $25 million directly from banks’ internal payments systems, according to a report by Russian and Dutch security researchers.

The cybercrime group has burrowed into the networks of more than 50 banks in Russia and other former Soviet states since early 2013, and stolen more than 1 billion rubles, most of it in the past six months. (With the plummeting value of the ruble, it’s difficult to calculate the exact amount in dollars, but researchers estimate at least $25 million.) The attacks used a combination of techniques that include spear fishing and highly targeted malware, and two of the banks reportedly lost their licenses after the successful attacks.

The average time from the moment the group got access into an internal network before the money was stolen was only 42 days.

The group was uncovered by forensics experts at Moscow-based Group-IB and Fox-IT of the Netherlands, Finextra reported on Monday (Dec. 22).

While the thieves got access to banks and their payment networks and ATMs in Russia and eastern Europe, the same group appears to be responsible for malware-based attacks on retailers starting in 2014 in the U.S., Australia, Spain and Italy, including the Staples breach that captured data from 1.16 million payment cards. In addition, the group appears to have breached media and PR companies starting in 2014 for industrial-espionage purposes, researchers said.


Latest Insights: 

With an estimated 64 million connected cars on the road by year’s end, QSRs are scrambling to win consumer drive-time dollars via in-dash ordering capabilities, while automakers like Tesla are developing new retail-centric charging stations. The PYMNTS Commerce Connected Playbook explores how the connected car is putting $230 billion worth of connected car spend into overdrive.

Click to comment


To Top