The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked.
The group allegedly used a Trojan called "Lurk" to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB (Federal Security Service).
Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation.
The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers.
The hackers then stole login names and passwords for victims' online bank accounts, especially accounts held at Sberbank, Russia's largest bank in terms of assets held.
Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools
Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.Supercharge Your Skills
Since Lurk was injected into the RAM, the malware made it difficult for security software to detect and analyze the malicious code once it had compromised a machine.
Sberbank helped the Russian authorities to conduct a large-scale operation in 15 regions of Russia and detain around 50 people; 18 of those are currently behind bars in Moscow.
"As a result of [home] searches a large quantity of computer equipment was confiscated along with communications gear, bank cards in false names, and also financial documents and significant amounts of cash confirming the illegal nature of their activity," a press release by the FSB stated.
All of the 50 suspects were charged with the development, distribution and use of malicious computer programs.