According to a report by cybersecurity firm Group-IB, the MoneyTaker group has primarily targeted card processing systems, removing overdraft limits on debit cards and taking money from cash machines.
“This is a sophisticated group of hackers,” Dmitry Volkov, head of Group-IB, tells Newsweek. “MoneyTaker managed to gain access to isolated segments of critical banking systems using tools, tactics, and trace elimination techniques that enabled them to go unnoticed for a long period of time.”
The investigation was conducted by Group-IB with the help of both Europol and the Russian government.
The reports suggest that the hackers could use the documents in future attacks.
“MoneyTaker continues to pose a threat,” Volkov says. “Given their propensity to change target-region after a series of successful attacks, and taking into consideration their interest in Latin American-focused systems, we predict this may be a future target for the group.”
“The success of replacement is due to the fact that at this stage the payment order has not yet been signed, which will occur after payment details are replaced,” the researchers say. “In addition to hiding the tracks, the concealment module again substitutes the fraudulent payment details in a debit advice after the transaction back to the original ones.”
“This means that the payment order is sent and accepted for execution with the fraudulent payment details, and the responses come as if the payment details were the initial ones,” Group-IB added. “This gives cybercriminals extra time to mule funds before the theft is detected.”
The research group has handed over details of the attacks to law enforcement.