Connect with us

Hi, what are you looking for?

HEADLINES

Russia’s largest cybercriminal arrest detain hackers who stole $45M

An investigation into the Lurk cybercriminal gang has resulted in the apprehension of 50 people in Russia, the largest ever arrest of hackers to have taken place in the country.

Sberbank, one of Russia’s largest banks, worked closely with Russian Law Enforcement Agencies and Kaspersky Lab experts in the probe.

Those detained are suspected of involvement in the creation of infected computers networks that resulted in the theft of more than 45 million dollars (3 billion rubles) from banks, other financial institutions and businesses since 2011. 

In 2011, Kaspersky Lab detected the activity of an organized cybercriminal gang using the Lurk Trojan – a sophisticated, universal and multi-modular malware with wide functionality – to gain access to victims’ computers. In particular, the gang was looking for a way into remote banking services so that it could steal money from customer accounts. 

“From the very start, Kaspersky Lab experts were involved in the law enforcement investigation into Lurk. We realized early on that Lurk was a group of Russian hackers that presented a serious threat to organizations and users. Lurk started attacking banks one-and-a-half years ago; before then its malicious program targeted various enterprise and consumer systems. Our company’s experts analyzed the malicious software and identified the hacker’s network of computers and servers. Armed with that knowledge the Russian Police could identify suspects and gather evidence of the crimes that had been committed. We look forward to helping to bring more cybercriminals to justice,” said Ruslan Stoyanov, Head of computer incidents investigation at Kaspersky Lab.

During the arrest the Russian police managed to prevent the transmission of fake money transactions worth more than 30 million dollars (2,273 billion rubles).

Advertisement. Scroll to continue reading.

The Lurk Trojan

In order to propagate the malware, the Lurk group infected a range of legitimate websites with exploits, including leading media and news sites. A victim simply had to visit a compromised webpage to become infected with the Lurk Trojan. Once inside the victim’s PC, the malware would start to download additional malicious modules that enabled it to steal the victim’s money.

Media websites were not the only non-financial target of the group. In order to hide their traces behind VPN-connection, the criminals also hacked into various IT and telecom companies, using their servers to remain anonymous. 

The Lurk Trojan is distinctive in that its malicious code is not stored on the victims’ computer but in the random access memory (RAM). Also, its developers tried to make it as difficult as possible for anti-virus solutions to detect the Trojan. So they made use of different VPN-services, the anonymous Tor network, compromised Wi-Fi connection points and servers belonging to the attacked IT organizations. 

We urge companies to pay close attention to their security measures and to regularly perform an IT infrastructure security check, so that at the very least they are protected from known vulnerabilities. It is also extremely important to teach employees the basics of responsible cyber-behavior. 

Advertisement. Scroll to continue reading.

In addition, a company needs to introduce measures that will enable it to detect an on-going targeted attack. The best strategy here is to complement the approach to threat prevention with significant investment in threat detection and response. Even the most sophisticated targeted attacks can be spotted by their abnormal activity when compared to regular business workflow. 

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

While they may use different platforms or strategies to run their modus, PLDT and its wireless unit Smart Communications, Inc. (Smart) have identified ‘social...

HEADLINES

The 2022 Unit 42 Incident Response Report offers a multitude of insights gleaned from Unit 42 by Palo Alto Networks' extensive incident response (IR)...

HEADLINES

Claroty xDome is the industry’s first solution to deliver the ease and scalability of SaaS without compromising on the breadth or depth of the...

HEADLINES

The novel malware used by Andariel in 2021 and 2022 has been dubbed Maui ransomware. Kaspersky experts identified its launch after DTrack was deployed...

Biz Solutions

For years, Rimini Street has provided proven and proactive advanced “zero-day” security solutions for our clients’ enterprise software applications, middleware, and databases, and these...

HEADLINES

60% of breached businesses raised product prices post-breach; vast majority of critical infrastructure lagging in zero trust adoption; $550,000 in extra costs for insufficiently...

HEADLINES

The share of smart attacks almost broke the four-year record, accounting for nearly 50% of the total. Experts also expect an increase in overall...

HEADLINES

While businesses in different industries are continuously upgrading their platforms, fraudsters also search for ways on how they can adapt to the ever-changing landscape...

Advertisement