Russian Hackers Gearing Up Wave Of International iBank Attacks

According to the experts at root9B - a cybersecurity firm populated by former State Department and Defense Department workers - an alleged Russian cybercrime gang is gearing up for a major attack on U.S. banking institutions. The group has been known under such names as APT28 and Pawn Storm over the last seven or eight years, and is believed to be possibly linked to Russian intelligence services.

The attack “is still in the preparatory stages” and has been in the works “for nearly a year,” since around June 2014, root9B says.

The group's primary malware tool is a backdoor program called Sednit or Sofacy. The group delivers it through the increasingly popular spear-phishing attack method and through drive-by downloads launched from compromised websites to get at enterprise computers. The banks that were apparently set to be targeted were Bank of America, Regions Bank, TD Canada Trust, Commercial Bank International in the UAE and Germany's Commerzbank. UNICEF and United Bank for Africa were also alleged planned targets.

“We've spent the past three days informing the proper authorities in Washington and the UAE,” Eric Hipkins, root9B chief executive officer, noted.

Root9B analysts discovered the larger scheme a few weeks ago after finding a phishing domain that was similar to that of a Middle Eastern financial institution, according to a report published Tuesday. A closer investigation turned up new Sofacy malware samples as well as a series of servers and domains that may be in preparation for a large-scale operation. Sofacy is also one of the names used for APT28, because the malware is the group's "signature."

Root9B has released hashes for the new malware samples it has found, as well as the IP address of a command-and-control server set up by the attackers, which will make it easy for potential targets to block the cybercrime group from access.

Root9B also suspects that the APT28 group may have subdivided into two groups - one focused on military and government targets, the other focused on banks and financial institutions.


