News
More than 1 billion rubles, 100s of thousands of Credit Cards and vast amounts intellectual property has been stolen by a new group of cyber criminals ’Anunak’
December 2014 by
Fox-IT is finished. Group-IB specializes in cyber crime investigations and Fox-IT
offers innovative cyber security solutions. As a result of their joint investigation
a report about Anunak hackers group was released today. This group has been involved
in targeted attacks and espionage since 2013.
Anunak’s targets in Russia and CIS countries are banks and payments systems while in
Europe, USA and Latin America criminals were mainly focusing on retail networks as
well as mass media resources.
Criminals use malware that goes under the "Anunak" title and allows for organized
targeted attacks at banks and e-payment systems. Malefactors can easily get into
banks networks and gain access to secured payment systems. As a result, the money is
stolen not from the customers, but from the bank itself. If malefactors gain access
to state institutions’ network, the goal is espionage.
When malefactors gain access to internal networks, they have total control over
system administrators, record videos of key workers actions to understand how the
work is organized. They then take control over e-mails to monitor internal
communications and set up remote control to the network by changing its hardware
parameters.
Experts discovered that hackers had access to cash machines management systems and
could remotely infect them with malware for the purpose of getting money from them
upon request in future.
In the report, Group-IB’s and Fox-IT’s experts describe in detail methods and
software that were used by hackers, same methods and tools that can be used to
protect networks and counter targeted attacks.
Key features highlighted by Group-IB’s and Fox-IT’s experts:
Average theft in Russia and CIS countries for this group is 2 million US dollars.
Anunak group had access to more than 50 Russian banks, 5 payment systems, 16 retail
companies. Most of the retail companies are outside of Russia, while not a single
US/EU bank has been attacked.
As of now more than 1 billion rubles has been stolen by the group in total, most of
that during the last 6 months.
Average time from the moment the group gains access to an internal network before
the money is stolen equals 42 days.
Andy Chandler, Senior VP at Fox-IT said; "This is very serious and as soon as we
could conclude our joint investigations we wanted to share the information and not
just for our customers but everyone. They (Anunak) are very pro-active and at times
innovating, when you look at the volumes of money, credit cards and intellectual
property they have taken, this can only be described as a ‘professional’ criminal
campaign with a high level of success and please believe they are not going away
anytime soon."
Today, the Anunak group is still in operation which is why Group-IB and Fox-IT
forecast an increase in the number of targeted attacks in 2015.
