In just one night a Russian crime gang stole 3.8 million slopes (860,000 euros) from 32 ATMs belonging to the Raiffeisen Romania bank.
Cybercriminals stole 3.8 million slopes (860,000 euros) from 32 ATMs belonging to the Raiffeisen Romania bank using an infected RTF document. The criminal organization led by Dmitriy Kvasov operated in Romania, the gang stole the money in just one night in 2016.
“One night Raiffeisen Bank lost control of all ATMs in Romania • Although it seems impossible, the control of ATMs across the country was taken over by a group of Russian hackers • It is one of the biggest thefts of cash money in the history of Romania, and the authorities did not blow a word” reported the website bzi.ro.
The Organized Crime and Counterterrorism Office (DIICOT) who investigated the culprits managed to arrest the leader of the criminal organization.
The Russian hackers launched a spear-phishing attack against Raiffeisen Romania between August 9, 2016, and September 4, 2016, they sent email messaging using a weaponized RTF document.
The bait document that appeared as sent on behalf of the European Central Bank
contained the code to trigger a vulnerability in the target systems.
In this way the attackers took control over the whole network of the bank, then they were able to control the ATMs.
“The extremely well-coordinated criminal organization, wearing sunglasses and hooded anoraks waiting for the command, waited for bags and bags in their hands before the Raiffeisen Iasi, Bucharest, Suceava, Timeshare, Constanta, Plitvice, Saxon and Crevedia automats.” states the Maszol.ru. “At the hands of their leaders, at least a few buttons, 32 cars released them all the money. If more men had been involved with the criminal organization, they could have virtually eliminated all the automatons of the bank.”
According to the report, the attackers were able to instruct the 32 ATMs to dispense the cash, the investigators highlighted that the attackers only targeted systems in Romania, but once compromised the network of the bank they were also able to control any ATM worldwide belonging to the financial institution.
The bank confirmed that hackers did not access the customers’ account after the security breach.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.