The company said it was working with Interpol, Europol and authorities from different countries to try to uncover more details on what it being called an unprecedented robbery.
The gang, which Kaspersky dubbed Carbanak, takes the unusual approach of stealing directly from banks, rather than posing as customers to withdraw money from companies’ or individuals’ accounts. It said the gang included cyber criminals from Europe, including Russia and Ukraine, as well as China.
Carbanak used carefully crafted emails to trick pre-selected employees into opening malicious software files, a common technique known as spear phishing. They were then able to get into the internal network and track down administrators’ computers for video surveillance.
In this way, Kaspersky said, the criminals learned how the bank clerks worked and could mimic their activity when transferring the money.
In some cases, Carbanak inflated account balances before pocketing the extra funds through a fraudulent transaction. Because the legitimate funds were still there, the account holder would not suspect a problem.
Kaspersky said Carbanak also remotely seized control of ATMs and ordered them to dispense cash at a predetermined time, when a gang member would be waiting to collect the money.
“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” Sanjay Virmani, director of Interpol Digital Crime Center, said in a statement prepared by Kaspersky. “It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.” – Reuters