黑客从俄罗斯一家银行“转走”百万美元
据一家网络安全公司爆料,一臭名昭著的黑客团伙再次对银行发起袭击,此次从俄罗斯银行得手约91万美元。
Group-IB was called in to help Russia’s PIR Bank after it noticed the theft, said the firm.
Group-IB公司表示,在俄罗斯PIR银行意识到该盗窃案件后立刻联系了该公司协助解决问题
The raid is believed to have been carried out by the MoneyTaker gang which has hit other financial firms.
此次盗窃事件经判断应该是由MoneyTaker团伙主导,该团伙还袭击了其他金融机构。
In 2017 it was suspected of stealing nearly $10m from Russian, British and American companies.
2017年,该团伙涉嫌从俄罗斯、英国和美国公司偷走近1000万美元。
In its report, Group-IB said the cash was taken in a series of transfers on 3 July via a computer at the bank to which the gang had obtained access.
Group-IB集团在其报告中说,这笔钱是7月3日该团伙进入银行系统,通过银行的一台计算机进行了一系列转账中而取得的。
Staff at PIR were able to stop some of the transfers, said Group-IB, but the gang’s swift action to "cash out" using paid helpers or "mules" at ATMs stopped the bank recovering much of it.
Group-IB称,PIR的工作人员阻止了部门转账,但是该团伙迅速采取行动,通过支付助手或ATM取款机上的“钱骡”“兑现”等,阻止了银行收回其中的大部分。
Group-IB said the tools and techniques used by the gang to penetrate the bank and lurk on its internal systems were known to have been used by MoneyTaker in other robberies.
该公司补充说道,此次犯罪团伙用于渗入银行及潜伏其内部系统的技术手段正是MoneyTaker曾在各项抢劫案中多次使用的。
The attack began in late May, said Group-IB, and initially concentrated on a piece of networking hardware known as a router, which the gang was able to compromise.
此次犯罪从五月底开始,犯罪手段是起初从使用一种被称为路由器的硬件着手,而该行径则是MoneyTaker常用于攻击的手段。
By taking over this router, the gang gained access to the bank’s internal network.
通过黑进这个路由器,这个团伙获得了进入银行内部网络的机会。
Once on the network, the gang took time to find a specific computer used to authorise transfers of cash. It then used its knowledge of this system, known as the Automated Work Station Client of the Russian Central Bank (AWS-CBR), to set up the bogus transfers.
一旦得以侵入内部网络,该团伙即伺机找到一台特定的电脑用以转账授权。随后利用其对该系统(俄罗斯中央银行自助操作客户端)的了解得以实现虚假转账。
Attacks on AWS-CBR are difficult to implement and are not conducted very often, because many hackers just cannot work on computers with AWS-CBR successfully, said Valeriy Baulin, head of Group-IB’s digital forensics lab.
Group-IB数字取证实验室负责人Valeriy Baulin表示:“针对AWS-CBR的攻击很难实施,也不太经常发生,因为许多黑客无法成功地在AWS-CBR的电脑上工作。”
