US, Russian Banks Targeted By Hackers In ATM Scam

Moscow-based data security firm Group-IB reported Monday (Dec. 11) that a group of Russian hackers stole close to $10 million from several largely U.S. and Russian banks over the past year or more, and all by going after interbank transfer systems.

According to Monday (Dec. 11) Reuters reports, the attacks began about 18 months ago, enabling money to be stolen from the ATM machines of 18 banks that were mainly based in the U.S. and Russia. The research firm said the attacks are still happening and that the Russian hackers appear to be focusing on Latin America banks next.  

The first attack occurred in the spring of last year, targeting financial institutions (FIs) that use First Data’s STAR network, the largest U.S. bank messaging system connecting ATMs around the country. A number of small banks operating on the STAR network had their credentials for administering debit cards breached, resulting in First Data implementing new data security controls. The STAR network itself was never breached by hackers, according to First Data.

Group-IB said it was looking at cases in which hackers examined how to make money transfers via interbank messaging platform SWIFT, but didn’t say if any attacks had been attempted or were successful. It is calling the Russian hacking group “Money Taker,” named after the software used to steal payment orders, and noting it used money mules to retrieve the money at the breached ATMs.

Group-IB has identified 18 banks that were targeted, with 15 of the FIs located across 10 U.S. states, two located in Russia and one based in the U.K. The average amount of funds stolen in the U.S. attacks was $500,000 per case. In Russia, Money Taker losses totaled $1.2 million on average, though one bank in the country was able to catch the attack in progress and recover some of the money that was stolen.