Date: 2021-12-15

The hacker group MoneyTaker has stolen money from a Russian bank's correspondent account at the Central Bank for the first time since 2018, according to a Group-IB report.

“After a long lull, the MoneyTaker group successfully attacked a Russian bank. It is obvious that the attackers will not stop there and will continue to attack the AWS KBR,” the report says. The report emphasizes that the funds of one bank were stolen through an attack on the automated workstation of a Bank of Russia client (AWP KBR). The amount stolen reached 500 million rubles.

MoneyTaker last used this scheme against PIR Bank. That incident took place in the summer of 2018, when the attackers stole more than 58 million rubles from the bank's correspondent account with the Bank of Russia. In October 2018, the Central Bank revoked PIR Bank's license.

Earlier, Group-IB experts reported that hacker attacks caused 2.96 billion rubles in damage to the Russian financial sector between mid-2017 and the first half of 2018. The Russian-speaking groups MoneyTaker, Silence and Cobalt, as well as the North Korean group Lazarus, are recognized as especially dangerous. The latter two managed to carry out an attack on a bank using vulnerabilities in the SWIFT interbank transfer system.