Threat Management, Malware, Threat Management

Russian hacker group targeting largest EU banks


The Russian government has begun working with Russia's Central Bank to develop a package of measures aimed at fighting Buhtrap, the recently discovered  hacker group, which, to date, has stolen around RUB 4 billion (£42 million) from Russian and Western banks, and is reportedly planning further attacks on the EU banking system.

An official spokesman of Xenia Yudaeva, the first Deputy Chairman of the Russian Central Bank, told that the hacker group uses sophisticated cyber-attacks, the most recent of which allowed it to steal about RUB 600 million £6.3 million) from Metallinvestbank, one of Russia's largest banks.  

Xenia Yudaeva commented: “Over the last six months the group has carried out 13 successful cyber-attacks, and in two cases the amount stolen has been 2.5 times higher than the statutory capital of the bank. Most attacks took place with the use of phishing emails, that were purportedly sent on the behalf of the Central Bank. Malicious malware attached to the message allowed criminals to find computers in the corporate network of these banks that have their workstations at clients of the Russian Central Bank, and to upload remote management tools on them. The anti-virus software at the banks did not recognise the programs that were used by Buhtrap as malicious. After successful connecting the hackers created fraudulent money orders and sent them for execution.”

The planned measures being taken in response have not been disclosed. The activities of Buhtrap has already sparked concerns at the Russian Ministry of Internal Affairs. As an official spokesman of the department of cyber-crimes of the Russian Ministry of Internal Affairs told, one of the main features of cyber-attacks conducted by Buhtrap is to cause major damage to the financial and IT infrastructure of affected banks.

As a result, recovery of infected infrastructure includes suspension of the bank's operations for an indefinite period, along with other radical measures.

According to the Ministry spokesperson, the hacker group specialises in the destruction of the entire communications infrastructure of the bank, so the infected computers have to removed from the system, thereby complicating the work of investigators.

Currently investigations are ongoing, but to date there have been no arrests of any members of the group. Russian investigation authorities say that the group is based in Moscow and is believed to be currently planning new attacks which may affect some well-known EU and US banks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.