Bank Robber Hackers Steal Millions of Dollars in Silent Heists Across U.S. and Russia

A previously unknown group of hackers, dubbed MoneyTaker, has stolen millions of dollars from banks around the world in silent online heists, according to a report by a cybersecurity firm.

The MoneyTaker hacking group, detailed in a report by Moscow-based Group-IB shared with Newsweek, has targeted at least 20 organizations in the United States, the U.K. and Russia since May 2016. It is not clear which country the group is from, though the report said that MoneyTaker is Russian-speaking.

“This is a sophisticated group of hackers,” Dmitry Volkov, head of threat intel at Group-IB, tells Newsweek. “MoneyTaker managed to gain access to isolated segments of critical banking systems using tools, tactics and trace elimination techniques that enabled them to go unnoticed for a long period of time.”

The majority of the group’s victims were small community banks based in the U.S., with the average damage for each successful attack estimated at around $500,000. At least one of those banks was successfully robbed twice.

Image caption: The hackers posed as well-known companies like Yahoo to avoid detection. REUTERS/Dado Ruvic/Illustration/File Photo

As well as money, MoneyTaker stole data and documents relating to payment systems, which could potentially be used for future attacks.

One of the pieces of documentation was for a card processing system called OceanSystems’ FedLink—used by around 200 banks in the U.S. and Latin America.

“MoneyTaker continues to pose a threat,” Volkov says. “Given their propensity to change target-region after a series of successful attacks, and taking into consideration their interest in Latin American-focused systems, we predict this may be a future target for the group.”


Attacks in Russia focused on an interbank transfer system that proved even more lucrative than the attacks on U.S. organizations. Banks targeted by this method of attack by MoneyTaker lost an average of $1.2 million per incident.

Despite being in operation for a year and a half, the hackers were able to remain undetected by using a type of so-called fileless malware that disappears from the banks’ computer systems once they are rebooted.

Image caption: Russian-speaking hackers have stolen millions from banks around the world, according to a new report. REUTERS/Kacper Pempel/Illustration

MoneyTaker also posed as well-known technology and financial companies, such as Bank of America, Microsoft and Yahoo, in order to go unnoticed by cybersecurity teams.

“In order to avoid detection, the MoneyTaker group generates self-signed SSL [security protocol] certificates before the attack, indicating the names of popular brands in the fields, instead of filling them out randomly,” the report stated.
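The certificate trick the report describes lends itself to a simple defensive check. The following is an added example, not code from Group-IB or the article: it flags certificates that look self-signed and carry one of the brand names the article lists, using constructed records whose layout (`server`, `subject`, `issuer`) and watchlist are assumptions.

```python
# Added example: flag self-signed certificates whose subject names a well-known brand.
# The record layout and the brand watchlist are assumptions made for this illustration.
import re

BRANDS = ("bank of america", "microsoft", "yahoo")  # brands named in the article

def parse_dn(dn):
    """Split a comma-separated distinguished name into {attribute: value}."""
    fields = {}
    # Split only on commas that start a new "KEY=" pair, so "O=Yahoo, Inc" survives.
    for part in re.split(r",\s*(?=[A-Za-z]+=)", dn):
        key, _, value = part.partition("=")
        fields[key.strip().upper()] = value.strip()
    return fields

def is_self_signed(cert):
    """Heuristic: issuer and subject carry identical fields (order ignored).
    A full check would also verify the signature with the cert's own public key."""
    return parse_dn(cert["subject"]) == parse_dn(cert["issuer"])

def brand_hits(cert):
    """Return watchlist brands found in the subject's CN, O or OU values."""
    subject = parse_dn(cert["subject"])
    text = " ".join(subject.get(k, "") for k in ("CN", "O", "OU")).lower()
    return [b for b in BRANDS if b in text]

def suspicious(certs):
    """Return (server, brands) for self-signed certs that carry a brand name."""
    return [(c["server"], brand_hits(c)) for c in certs
            if is_self_signed(c) and brand_hits(c)]

# Constructed sample records (documentation IP ranges, invented names).
SAMPLE = [
    {"server": "203.0.113.10", "subject": "CN=Microsoft Update, O=Microsoft, C=US",
     "issuer": "O=Microsoft, CN=Microsoft Update, C=US"},
    {"server": "198.51.100.7", "subject": "CN=mail.example.org, O=Example Org",
     "issuer": "CN=mail.example.org, O=Example Org"},
    {"server": "192.0.2.44", "subject": "CN=login.yahoo.example, O=Yahoo Inc",
     "issuer": "CN=Example Public CA, O=Example CA Ltd"},
]

if __name__ == "__main__":
    for server, brands in suspicious(SAMPLE):
        print(f"{server}: self-signed certificate claims {', '.join(brands)}")
```

Only the first record is flagged: the second is self-signed but names no watched brand, and the third names a brand but was issued by a separate CA.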

Group-IB says it has notified Interpol and Europol about the hacking group and will assist in investigations.