Monday, February 8, 2016

Russian Hackers Moved Currency Rate With Malware, Group-IB Says

Bloomberg | Jake Rudnitsky & Ilya Khrennikov | February 8, 2016 — 5:42 AM EST



Hackers used malware to penetrate the defenses of a Russian regional bank and move the ruble-dollar rate more than 15 percent in minutes, according to a Moscow-based cyber-security firm hired to investigate the attack.


Russian-language hackers deployed a virus known as the Corkow Trojan to infect Kazan-based Energobank and place more than $500 million in orders at non-market rates in February 2015, Group-IB told Bloomberg, without identifying individuals behind the attack. The resulting rate swing prompted a Russian central bank investigation last year into potential market manipulation.

Malicious software of the type used in the attack can open a back door into computers via seemingly legitimate websites or files and then force them to carry out hackers’ orders. Corkow, which regularly updates itself to evade detection by anti-virus programs, has infiltrated 250,000 computers worldwide and infected more than 100 financial institutions, according to Group-IB, which investigated the attack on behalf of Energobank.

“This is the first documented attack using this virus and it has potential to do much more damage,” Dmitry Volkov, the head of Group-IB’s cyber intelligence department, said by phone. “Once the malware has penetrated a local network, it is sophisticated enough to infect computers that are even not connected to the Internet.”

The Moscow Exchange has said its systems were not hacked in the incident on Feb. 27, 2015. In a separate investigation, the central bank said it found no evidence of currency market manipulation, noting the fluctuations could have been caused by traders’ mistakes.

The volatility lasted 14 minutes and caused the exchange rate to swing between 55 and 66 rubles per dollar, which “significantly differed from the prevailing market rate,” the central bank said in a statement on Dec. 17.

The bank claimed losses of 244 million rubles ($3.2 million) due to the trades, Vedomosti newspaper reported last year, citing a suit filed by Energobank in a Kazan court. There is no evidence that the hackers profited from the operation and it may have been a test to prepare for future attacks, according to Group-IB.

Energobank, the exchange and the central bank did not respond to e-mailed queries.

The virus was also used in an attack on a Russian bank card system that resulted in hundreds of millions of rubles being stolen via ATMs in August, Group-IB said.

No comments:

Post a Comment