The Russian cyberthieves believed to be responsible for retailer payment-card breaches at Staples, Bebe Stores and 14 other chains have also stolen an estimated $25 million directly from banks’ internal payments systems, according to a report by Russian and Dutch security researchers.
The cybercrime group has burrowed into the networks of more than 50 banks in Russia and other former Soviet states since early 2013, and stolen more than 1 billion rubles, most of it in the past six months. (With the plummeting value of the ruble, it’s difficult to calculate the exact amount in dollars, but researchers estimate at least $25 million.) The attacks used a combination of techniques that include spear fishing and highly targeted malware, and two of the banks reportedly lost their licenses after the successful attacks.
The average time from the moment the group got access into an internal network before the money was stolen was only 42 days.
The group was uncovered by forensics experts at Moscow-based Group-IB and Fox-IT of the Netherlands, Finextra reported on Monday (Dec. 22).
While the thieves got access to banks and their payment networks and ATMs in Russia and eastern Europe, the same group appears to be responsible for malware-based attacks on retailers starting in 2014 in the U.S., Australia, Spain and Italy, including the Staples breach that captured data from 1.16 million payment cards. In addition, the group appears to have breached media and PR companies starting in 2014 for industrial-espionage purposes, researchers said.