A Russian group of hackers reportedly broke into the Kazan-based Energobank and manipulated the ruble-dollar exchange rate.
In Feb 2015, a hacking group known by the name METEL successfully breached the Russian regional bank for just 14 minutes and caused the exchange rate to fluctuate between 55 and 66 rubles per dollar, which finally resulted in an increase in the ruble’s value.
Here’s how they did it:
According to Russian security firm Group-IB, which investigated the incident, the Metel hacking group infected Kazan-based Energobank with a virus known as the Corkow Trojan and placed more than $500 million in orders at non-market rates.
“This is the first documented attack using this virus, and it has the potential to do much more damage,” Dmitry Volkov, the head of Group-IB’s cyber intelligence department, told Bloomberg.
The hackers took advantage of spear phishing, in which a malicious email appears to come from a legitimate source. A single click on the link in the malicious mail gave them access to the system, followed by ultimate exploitation.
After gaining access to a local system, the trojan was able to wreak havoc by extending the attack into the bank's intranet. In this way, the Corkow malware found the isolated system that exclusively handles money transactions with the outside world.
Corkow malware, initially discovered in 2011, regularly updates itself to evade detection by antivirus programs, and has infiltrated more than 250,000 computers worldwide and infected at least 100 financial institutions.
Bank lost 244 Million Rubles ($3.2 million)
Energobank claimed losses of 244 million rubles ($3.2 million) due to the trades.
However, the Moscow Exchange denied the allegations of any hacking attempt, saying that the changes in the stock market would be the result of traders’ mistakes. It also found no hint of currency manipulation.
The attack had earlier been adapted to target ATMs in Russia, affecting the Russian bank card system and resulting in hundreds of millions of rubles being stolen via ATMs in August. Another attack with the same malware also allowed hackers to use credit cards without limit.
Metel is only known to be active in Russia (where it has affected 73% of Russian banks), although it may present a threat to financial institutions across the globe.
Authorities have not yet arrested any of the criminals behind it, who pose a threat to banks globally.