A cybercriminal group of 50 hackers suspected of stealing more than $45 million from multiple Russian banks, financial institutions, and businesses in 2011 has been apprehended in Russia’s largest ever hacker bust.
The group’s arrest prevented the transmission of fake transactions worth over $30 million.
The suspected members of the cybercriminal group using the Lurk Trojan malware were arrested through the combined efforts of the cybersecurity firm Kaspersky Lab, Russian law enforcement, and Sberbank, one of Russia’s largest banks.
In a press statement released on Friday, Kaspersky said it detected the gang’s activity in 2011, after the hacker group used malware to access and steal money from their victims’ bank accounts.
“Our company’s experts analyzed the malicious software and identified the hackers’ network of computers and servers. Armed with that knowledge the Russian police could identify suspects and gather evidence of the crimes that had been committed,” said Ruslan Stoyanov, head of computer incidents investigation at Kaspersky Lab.
In order to propagate the Lurk Trojan malware, the hackers infected a range of websites, including leading media and news sites. Unsuspecting victims simply had to visit such sites to be infected with the malware. Once inside a victim’s device, the malware would download even more malware that enabled it to steal the victim’s money.
The hacker group also targeted various IT and telecommunications companies, using their servers to remain anonymous.
The malware used by the hackers was unique in that it stored itself in its victims’ random access memory (RAM), making it harder for antivirus software to detect. The hacker group also made use of different VPN services, the anonymous Tor network, and compromised Wi-Fi connections to conceal their activity.
Kaspersky Lab warned companies to pay close attention to their security measures, regularly perform IT infrastructure security checks, and teach employees the basics of responsible cyber-behavior to protect themselves from similar hacker attacks.
They also urged companies to introduce measures to detect attacks.
“The best strategy here is to complement the approach to threat prevention with significant investment in threat detection and response. Even the most sophisticated targeted attacks can be spotted by their abnormal activity when compared to regular business workflow,” Kaspersky Lab said.